Amended Colorado bill aims to enhance data privacy laws

Data Protection Report - Norton Rose Fulbright

As Data Protection Report posted on January 29, 2018, lawmakers in Colorado are considering legislation that, if enacted, would significantly strengthen Colorado’s data privacy protections.  On Wednesday, February 14, 2018, an amended bill passed unanimously in Colorado’s House Committee on State, Veterans and Military Affairs. Continue reading

Connecticut case finds health care privacy cause of action

Norton Rose Fulbright - Data Protection Report blog

On January 16, 2018, in Byrne v. Avery, the Connecticut Supreme Court unilaterally created a new state law cause of action for violation of a patient’s health care privacy.  (Byrne v. Avery Center for Obstetrics & Gynecology, P.C., 327 Conn. 540, __ A.3d __ (Jan. 16, 2018)). Particularly noteworthy is the new standard for a physician’s level of care: compliance with HIPAA.  In other words, violation of HIPAA can lead to a state law claim in Connecticut, but the decision does NOT create a private right of action under HIPAA. Continue reading

Singapore passes new Cybersecurity Bill: Here’s what you need to know before it comes into force

Norton Rose Fulbright - Data Protection Report blog

The Singapore Parliament passed the much discussed Cybersecurity Bill (the Bill) on 5 February 2018 and it is anticipated that the new law will come into force soon.[1]   The new law creates a regulatory framework for the monitoring and reporting of cybersecurity threats to essential services in Singapore through the appointment of the Commissioner of Cybersecurity.  It also creates a licensing regime that will require certain data security service providers in Singapore to be registered.

We set out below four key points that you should know about this new Bill. Continue reading

Blocking illegal or fraudulent ‘robocalls’: FCC rulemaking, with FTC comments

Norton Rose Fulbright - Data Protection Report blog

Illegal robocalls are a “scourge.”  So says FCC Chairman Ajit Pai, and most consumers likely agree.  Both the FCC and the FTC (each of which has jurisdiction over some aspects of telemarketing regulation) are actively pursuing ways to curb illegal and fraudulent robocalls.  The FCC issued a report and order in November 2017 authorizing telecommunications providers to block certain types of calls considered “highly likely to be illegitimate.”  In late January 2018, the FTC responded with a staff letter expressing support for the FCC’s efforts and offering suggestions for addressing erroneously blocked calls.  Continue reading

February 15 deadline looms for first DFS Cybersecurity Certification

Data Protection Report - Norton Rose Fulbright

February 15, 2018, is quickly approaching and any entity subject to New York’s cybersecurity regulation (23 NYCRR Part 500) must file its first annual certification of compliance with the New York State Department of Financial Services (DFS) by that date. New York imposes cybersecurity requirements on all entities (covered entities) subject to the jurisdiction of the DFS, which include not only banks and insurers, but also any persons regulated by the DFS, including the newest DFS licensees, those engaged in virtual currency business activity. Continue reading

Data breach notification to become mandatory in Australia from 22 February 2018

Data Protection Report - Norton Rose Fulbright

Privacy compliance will become even more important for all companies in Australia now that the mandatory data breach notification scheme has been enacted.

From 22 February 2018, certain data breaches (known as “eligible data breaches”) will need to be notified to the Australian Privacy Commissioner and affected individuals.  Previously, notification of data breaches was optional. Continue reading

China issues Personal Information Security Specification

Data Protection Report - Norton Rose Fulbright

On 29 December 2017 the Standardization Administration of China issued an Information Security Technology – Personal Information Security Specification(GB/T 35273-2017)(the “Specification”), which will come into effect on 1 May 2018. Continue reading

US HHS OCR issues cyber extortion newsletter

Data Protection Report - Norton Rose Fulbright

This week, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published a January 2018 newsletter focusing on “cyber extortion.” Cyber extortion often involves an attacker gaining access to an organization’s computer system, stealing sensitive information, and threatening to publish the information. Healthcare and public health organizations are often the targets of these attacks, so affected data frequently includes protected health information, or PHI. The OCR newsletter indicates that incidents of cyber extortion have been steadily increasing over the past several years and will continue to disrupt many organizations. Continue reading

New California “sanctuary” law restricts access to workers and their records

Data Protection Report - Norton Rose Fulbright

A new state law places California businesses on the front line in responding to federal immigration enforcement actions.  Effective January 1, 2018, AB 450 requires California employers to protect employees and their private information from warrantless “workplace raids” and I-9 form demands, and to warn employees who become targets of an immigration investigation. Continue reading

LexBlog