ICO publishes guidance on bulk emails

Photo of Lesley BrowningPhoto of Shane O'ReillyBy Lesley Browning and Shane O'Reilly on Posted in General
The Information Commissioner’s Office has published new guidance on email security, with emphasis on safety when sending to multiple recipients which is relevant for pension schemes when emailing their membership. The principal points include: As regards pension schemes, administrators should remember that whether information is sensitive can depend on the context and consideration should be given to … Continue reading

Singapore Releases Proposed Advisory Guidelines on Use of Personal Data in AI Recommendation and Decision Systems

Photo of Wilson AngPhoto of Jeremy Lua (SG)By Wilson Ang and Jeremy Lua (SG) on Posted in Artificial Intelligence, Data Protection, PDPA, Privacy law
On 18 July 2023, Singapore’s Personal Data Protection Commission (PDPC) issued its Proposed Advisory Guidelines on Use of Personal Data In AI Recommendation and Decision Systems (the Proposed AI Advisory Guidelines) for public consultation. The Proposed AI Advisory Guidelines address the following: The Proposed AI Advisory Guidelines may be accessed here. A brief summary of, … Continue reading

Hong Kong: Revised Breach Handling and Notifications Guidance published by the PCPD

Photo of Anna GamvrosPhoto of Edward Yau (HK)Photo of Steven ChongBy Anna Gamvros, Edward Yau (HK) and Steven Chong on Posted in Cybersecurity
As data breaches and cyber-attacks continue to surge and attackers become more sophisticated, a comprehensive data breach response plan and robust data security measures are becoming increasingly important. In Hong Kong, the Office of the Privacy Commissioner for Personal Data (the PCPD) recently published a revised Guidance on Breach Handling and Data Breach Notifications (the … Continue reading

US SEC issues final rule on cybersecurity disclosures

Photo of Susan Ross (US)By Susan Ross (US) on Posted in Cybersecurity
On July 26, 2023, the US SEC issued the long-awaited final rules for public companies and foreign private issuers requiring rapid disclosure of material cybersecurity incidents as well as periodic disclosure of cybersecurity risk management and policies and procedures (the “SEC Final Rule”).  The SEC Final Rule reflects the SEC’s desire to standardize company disclosures … Continue reading

China finalises its Generative AI Regulation

Photo of Anna GamvrosPhoto of Edward Yau (HK)Photo of Steven ChongBy Anna Gamvros, Edward Yau (HK) and Steven Chong on Posted in General
The Provisional Administrative Measures of Generative Artificial Intelligence Services (Generative AI Measures), were published by the Cyberspace Administration of China (CAC), together with six other authorities, on 13 July 2023 and will take effect from 15 August 2023. The Generative AI Measures, along with the likely enactment of the Artificial Intelligence Law in the 2023 legislative … Continue reading

OCR and FTC Issue a Joint Letter Suggesting Enforcement Actions May Be in the Pipeline

Photo of Anna Rudawski (US)Photo of Alexis Wilpon (US)By Anna Rudawski (US) and Alexis Wilpon (US) on Posted in Compliance and risk management, Data Protection, Privacy law
On July 20, 2023 HHS and the Federal Trade Commission (“FTC”) issued a joint letter to approximately 130 companies regarding their online data collection processes.  The letter follows the much discussed December 1, 2022, Bulletin that expanded the kinds of websites and applications governed by HIPAA (you can read about our analysis of the bulletin … Continue reading

Deal-maker or deal-breaker: the legal ins and outs of using AI in M&A

Photo of Imran Ahmad (CA)Photo of Roxanne Caron (CA)Photo of Suzie Suliman (CA)By Imran Ahmad (CA), Roxanne Caron (CA) and Suzie Suliman (CA) on Posted in Artificial Intelligence, Cybersecurity, Data Protection, Intellectual Property, M&A Transactions
Deals involving AI bring about specific and unique issues for consideration during the due diligence process. Understanding the specific challenges created by AI is important for companies to ensure that the AI technology holds genuine value and would not raise red flags during the course of a transaction. Some important advice for companies looking to … Continue reading

European Commission adopts its adequacy decision for the EU-US Data Privacy Framework

Photo of Lara White (UK)Photo of Marcus Evans (UK)Photo of Susan Ross (US)Photo of Jurriaan JansenPhoto of Christoph Ritzer (DE)Photo of Nadège Martin (FR)By Lara White (UK), Marcus Evans (UK), Susan Ross (US), Jurriaan Jansen, Christoph Ritzer (DE) and Nadège Martin (FR) on Posted in Fintech
On 10 July, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (the DP Framework). It thereby declared that the United States (the US) ensures an adequate level of protection for personal data transferred from the EU to US companies that have self-certified their adherence to the DP Framework Principles. More … Continue reading

Court delays new California privacy regulations

Photo of David Kessler (US)Photo of Susan Ross (US)By David Kessler (US) and Susan Ross (US) on Posted in CCPA
On June 30, 2023—the day before the regulations were scheduled to go into effect—the Superior Court of California halted the enforcement of the California regulations that had been finalized on March 29, 2023 until March 29, 2024. (California Chamber of Commerce v. California Privacy Protection Agency, No. 34-2023-80004106-CU-WM-GDS (Cal. Super. June 30, 2023) (minute order).) … Continue reading

UK Pensions briefing: Cybersecurity for pension schemes – where are we now?

Photo of Lesley BrowningPhoto of Shane O'ReillyBy Lesley Browning and Shane O'Reilly on Posted in Cybersecurity
Cybercrime is big business and it’s growing. Is your scheme adequately protected in the event of an attempted cyberattack? Our publication Taking action on pension scheme cybersecurity set out the main cyber threats and outlined the steps that trustees could and should take to protect their schemes’ and members’ interests. It should be read in conjunction with … Continue reading
LexBlog