ICO publishes guidance on bulk emails

The Information Commissioner’s Office has published new guidance on email security, with emphasis on safety when sending to multiple recipients which is relevant for pension schemes when emailing their membership. The principal points include: As regards pension schemes, administrators should remember that whether information is sensitive can depend on the context and consideration should be given to … Continue reading

Singapore Releases Proposed Advisory Guidelines on Use of Personal Data in AI Recommendation and Decision Systems

On 18 July 2023, Singapore’s Personal Data Protection Commission (PDPC) issued its Proposed Advisory Guidelines on Use of Personal Data In AI Recommendation and Decision Systems (the Proposed AI Advisory Guidelines) for public consultation. The Proposed AI Advisory Guidelines address the following: The Proposed AI Advisory Guidelines may be accessed here. A brief summary of, … Continue reading

Hong Kong: Revised Breach Handling and Notifications Guidance published by the PCPD

As data breaches and cyber-attacks continue to surge and attackers become more sophisticated, a comprehensive data breach response plan and robust data security measures are becoming increasingly important. In Hong Kong, the Office of the Privacy Commissioner for Personal Data (the PCPD) recently published a revised Guidance on Breach Handling and Data Breach Notifications (the … Continue reading

US SEC issues final rule on cybersecurity disclosures

On July 26, 2023, the US SEC issued the long-awaited final rules for public companies and foreign private issuers requiring rapid disclosure of material cybersecurity incidents as well as periodic disclosure of cybersecurity risk management and policies and procedures (the “SEC Final Rule”).  The SEC Final Rule reflects the SEC’s desire to standardize company disclosures … Continue reading

China finalises its Generative AI Regulation

The Provisional Administrative Measures of Generative Artificial Intelligence Services (Generative AI Measures), were published by the Cyberspace Administration of China (CAC), together with six other authorities, on 13 July 2023 and will take effect from 15 August 2023. The Generative AI Measures, along with the likely enactment of the Artificial Intelligence Law in the 2023 legislative … Continue reading

OCR and FTC Issue a Joint Letter Suggesting Enforcement Actions May Be in the Pipeline

On July 20, 2023 HHS and the Federal Trade Commission (“FTC”) issued a joint letter to approximately 130 companies regarding their online data collection processes.  The letter follows the much discussed December 1, 2022, Bulletin that expanded the kinds of websites and applications governed by HIPAA (you can read about our analysis of the bulletin … Continue reading

Deal-maker or deal-breaker: the legal ins and outs of using AI in M&A

Deals involving AI bring about specific and unique issues for consideration during the due diligence process. Understanding the specific challenges created by AI is important for companies to ensure that the AI technology holds genuine value and would not raise red flags during the course of a transaction. Some important advice for companies looking to … Continue reading

European Commission adopts its adequacy decision for the EU-US Data Privacy Framework

On 10 July, the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework (the DP Framework). It thereby declared that the United States (the US) ensures an adequate level of protection for personal data transferred from the EU to US companies that have self-certified their adherence to the DP Framework Principles. More … Continue reading

Court delays new California privacy regulations

On June 30, 2023—the day before the regulations were scheduled to go into effect—the Superior Court of California halted the enforcement of the California regulations that had been finalized on March 29, 2023 until March 29, 2024. (California Chamber of Commerce v. California Privacy Protection Agency, No. 34-2023-80004106-CU-WM-GDS (Cal. Super. June 30, 2023) (minute order).) … Continue reading

UK Pensions briefing: Cybersecurity for pension schemes – where are we now?

Cybercrime is big business and it’s growing. Is your scheme adequately protected in the event of an attempted cyberattack? Our publication Taking action on pension scheme cybersecurity set out the main cyber threats and outlined the steps that trustees could and should take to protect their schemes’ and members’ interests. It should be read in conjunction with … Continue reading
LexBlog