On February 6, 2018, the Article 29 Working Party (WP29) adopted updated guidelines on Binding Corporate Rules (“BCRs“), which replace the previous WP29 working documents 153 and 195 on BCRs and Processor BCRs.
February 2018
Amended Colorado bill aims to enhance data privacy laws
As Data Protection Report posted on January 29, 2018, lawmakers in Colorado are considering legislation that, if enacted, would significantly strengthen Colorado’s data privacy protections. On Wednesday, February 14, 2018, an amended bill passed unanimously in Colorado’s House Committee on State, Veterans and Military Affairs.
New York permits discovery of “private” social media posts
On February 13, 2018, in Forman v. Henkin, 2018 NY Slip Op 01015, New York’s highest state court unanimously ruled that “private” social media posts may be subject to discovery in civil lawsuits.
Connecticut case finds health care privacy cause of action
On January 16, 2018, in Byrne v. Avery, the Connecticut Supreme Court unilaterally created a new state law cause of action for violation of a patient’s health care privacy.…
Singapore passes new Cybersecurity Bill: Here’s what you need to know before it comes into force
The Singapore Parliament passed the much discussed Cybersecurity Bill (the Bill) on 5 February 2018 and it is anticipated that the new law will come into force soon.…
Blocking illegal or fraudulent ‘robocalls’: FCC rulemaking, with FTC comments
Illegal robocalls are a “scourge.” So says FCC Chairman Ajit Pai, and most consumers likely agree. Both the FCC and the FTC (each of which has jurisdiction over some aspects of telemarketing regulation) are actively pursuing ways to curb illegal and fraudulent robocalls. The FCC issued a report and order in November 2017 authorizing telecommunications providers to block certain types of calls considered “highly likely to be illegitimate.” In late January 2018, the FTC responded with a staff letter expressing support for the FCC’s efforts and offering suggestions for addressing erroneously blocked calls.
February 15 deadline looms for first DFS Cybersecurity Certification
February 15, 2018, is quickly approaching and any entity subject to New York’s cybersecurity regulation (23 NYCRR Part 500) must file its first annual certification of compliance with the New York State Department of Financial Services (DFS) by that date. New York imposes cybersecurity requirements on all entities (covered entities) subject to the jurisdiction of the DFS, which include not only banks and insurers, but also any persons regulated by the DFS, including the newest DFS licensees, those engaged in virtual currency business activity.
Data breach notification to become mandatory in Australia from 22 February 2018
Privacy compliance will become even more important for all companies in Australia now that the mandatory data breach notification scheme has been enacted.
From 22 February 2018, certain data breaches (known as “eligible data breaches”) will need to be notified to the Australian Privacy Commissioner and affected individuals. Previously, notification of data breaches was optional.
China issues Personal Information Security Specification
The Standardization Administration of China issued an Information Security Technology – Personal Information Security Specification,
which will come into effect on 1 May 2018.…
US HHS OCR issues cyber extortion newsletter
This week, the US Department of Health and Human Services HHS Office for Civil Rights published a January 2018 newsletter focusing on cyber extortion.…