On May 25, 2016, Austrian law student Max Schrems issued a press release stating that he has been informed that the Irish Data Protection Commissioner (DPC) is planning to refer a question to the Court of Justice of
May 2016
IADC Issues Cybersecurity Guidelines for Drilling Assets
With infrastructure cybersecurity becoming a growing concern for businesses globally, it is not surprising that yet another industry association – the International Association of Drilling Contractors (“IADC”) – has issued cybersecurity guidelines for its members. IADC’s Guidelines for Assessing and Managing Cybersecurity Risks to Drilling Assets address the cyber risks affecting the “digital oilfield” – including wireless offshore technologies and automated drilling assets and drilling control systems.
Hong Kong Monetary Authority Strengthens Cybersecurity Controls on Banks
The Hong Kong Monetary Authority (HKMA) is taking action to tackle cyber security in the banking sector in Hong Kong through the Cybersecurity Fortification Initiative (CFI) – a new comprehensive initiative announced on May 18, 2016, which aims to raise the level of cybersecurity of the banks in Hong Kong. This follows the Hong Kong Securities and Futures Commission’s (SFC) similar initiative of issuing the Circular to All Licensed Corporations on Cybersecurity (see our previous post).
Hong Kong Regulators Step up Enforcement on Personal Data Protection
Over the past month, Hong Kong Courts and the Securities and Futures Commission (“SFC”) have taken action under the Personal Data (Privacy) Ordinance (“PDPO”) against an insurance agent, a marketing company and a licensed individual for improper handling of personal data, resulting in a Community Service Order, a fine, and an SFC disciplinary action. These cases demonstrate increased citizen awareness of privacy rights, industry focus on the PDPO, and foreshadow further enforcement activity.
EU Network & Information Security Directive Expected to Become Effective in August 2016
The EU Network & Information Security Directive (NISD) (also known as the “Cyber Security Directive”) got one step closer to adoption today when, on May 17, 2016, the EU Council confirmed at first reading the agreement reached with…
CJEU Advocate General Opinion: Dynamic IP Addresses are Personal Data; Member States cannot limit processing permitted by the Data Protection Directive
On May 12, 2016, the Court of Justice of the European Union’s (CJEU) Advocate General, Campos Sánchez-Bordona, published his opinion on a question referred to the CJEU for a preliminary ruling. The opinion argues that dynamic IP addresses should be considered to be personal data under European law. Moreover, the opinion asserts that Member States’ laws that limit the ability to store such personal data beyond the restrictions permitted in Directive 95/46EC (the Data Protection Directive) are non-compliant with European law. Although the CJEU’s final decision does not have to follow this opinion, the advocate general’s arguments are followed more often than not.
Big data: French and German authorities explore antitrust issues
On May 10, 2016, the French and German antitrust authorities published a joint study on competition law and the collection and use of data, particularly so-called big data (the Big Data Study). Data protection as such is outside the scope of EU competition laws, but antitrust authorities have considered the significance of data on a number of occasions, often in the context of merger reviews such as the EU Commission’s Facebook/WhatsApp case.
Legal update: Security issue could impact ADP customers
Cyber criminals appear to have gained unauthorized access to ADP, Inc.’s self-service customer portal to file fraudulent tax returns for some ADP customer employees.
ADP has reportedly confirmed that a subset of its customers have been the victim of tax …
FDA Warns of Link Between Anti-Malware and Medical Device Failure
Our sister blog, The Health Law Pulse, has just blogged on the first reported instance of anti-malware causing of a medical device failure. Medical device manufacturers may wish to keep this type of interruption in mind when considering the…
IAPP Profiles Norton Rose Fulbright Attorney
The International Association of Privacy Professionals (IAPP) recently profiled our colleague Nerushka Deosaran, a technology and privacy lawyer at Norton Rose Fulbright’s Johannesburg office. Read more in the “volunteer spotlight” feature in the latest edition of The …