2023

President Biden issues sweeping artificial intelligence directives targeting safety, security and trust

By Will Daugherty (US), Marcus Evans (UK) & Gerar Mazarakis (US) on November 9, 2023

On October 30, 2023, after recognizing that Artificial Intelligence (AI) is the most consequential technology of our time and anticipating that it will accelerate more technological change in the next five to ten years than witnessed in the past fifty…

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

By Dan Pepper (US) on November 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017. Noticeably…

NYDFS finalizes cybersecurity rule amendments

By David Kessler (US) & Susan Ross (US) on November 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. The rules contain the provisions we had described in the original NYDFS proposal a year…

Avoiding, Managing And Responding To Cyber Incidents

By Katie Stephen (UK), Marcus Evans (UK), Rosie Nance & Catherine Pluck (UK) on November 2, 2023

Lessons From Recent Enforcement

Background

The Financial Conduct Authority (FCA) announced on 13 October 2023 that it had fined Equifax Limited (Equifax), a credit reference agency and data, analytics and technology business, £11,164,400 for failing to…

FTC amendment to Safeguards Rule

By Dan Pepper (US) & Elyssa Diamond (US) on November 1, 2023

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency.

Requirements

Approved on October 27, 2023 by a…

Queensland Government introduces mandatory data breach notification regime

By Peter Mulligan (AU) & Jim Lennon (AU) on October 31, 2023

On 12 October 2023, the Government introduced the Information Privacy and Other Legislation Amendment Bill 2023 (Bill) to Queensland Parliament which, amongst other things, establishes a mandatory data breach notification scheme (MDBN Scheme) in Queensland. The…

Informative preparatory papers on state of frontier AI and potential safety risks for UK AI Safety Summit published

By Marcus Evans (UK) & Lara White (UK) on October 27, 2023

On 26 October, the UK prime minister gave a speech on the AI Safety Summit to be hosted in the UK on 1 and 2 November. The summit will bring together representatives from large lab AI companies, world governments and…

2023 Technology privacy and cybersecurity summit | 1 November 2023

By Imran Ahmad (CA) on October 23, 2023

Norton Rose Fulbright Canada invites you to our annual technology, privacy and cybersecurity virtual summit. Navigating the evolving world of technology is not easy for companies today. From AI to effective company records management, privacy considerations, and cybersecurity breaches, there’s…

China proposes to ease cross border data transfer restrictions

By Anna Gamvros & Ruby Kwok (HK) on October 20, 2023

On 28 September 2023, the Cybersecurity Administration of China (CAC) released the Draft Provisions on Regulating and Promoting Cross Border Data Flow (规范和促进数据跨境流动规定) (Draft Provisions) for public consultation. The Draft Provisions, if passed, will ease the…

UK Information Commissioner’s Office Publishes Final Guidance On Employee Monitoring

By Lara White (UK), Rosie Nance & Olivia Wint on October 12, 2023

The UK Information Commissioner’s Office (ICO) published its final guidance on monitoring workers on 3 October 2023 (the Guidance). The Guidance is aimed at employers across both the private and public sector. Responding to the rise of remote working and…

Data Protection Report