On December 4, 2024, HHS announced an agreement with Gulf Coast Pain Consultants calling for payment of $1.1 million in civil penalties due to alleged lack of compliance with HIPAA’s security requirements. Two days later, HHS announced an agreement with
2024
Facial recognition and privacy: Updated OAIC guidance
The Office of the Australian Information Commissioner (OAIC) has issued guidance to private sector organisations who are considering using facial recognition technology (FRT) for identification purposes in commercial or retail settings. The guidance follows a determination of the Privacy Commissioner…
Australian Privacy Alert: Parliament passes major and meaningful privacy law reform
On 29 November 2024, the first tranche of sweeping Australian privacy reforms under the Privacy and Other Legislation Amendment Bill 2024 (Cth) (Bill) passed both Houses of Parliament. We previously considered the Bill when it was tabled on 12 September…
NYDFS settles with insurance companies over failures in their cybersecurity programs
On November 25, 2024, the New York State Department of Financial Services (“NYDFS”) announced it settled with two large insurance companies over allegations of inadequate data security practices in violation of New York’s cybersecurity regulation (23 NYCRR Part 500) (the…
TR v Land Hessen – DPA not obliged to fine under the GDPR
By Shan Nanayakkara
In TR v Land Hessen (C‑768/21) the European Court of Justice (“ECJ”) found that following a personal data breach, a supervisory authority is under no obligation to exercise its corrective powers, specifically the power to…
2024 Technology Privacy and Cybersecurity Summit | November 25 – 28, 2024
Norton Rose Fulbright Canada invites you to its leading annual technology, privacy, and cybersecurity virtual summit. Learn how to leverage AI for a competitive edge while mitigating its inherent risks.
This four-part series is tailored for legal professionals, business leaders…
Bill C-26: Advancing towards cybersecurity governance in Canada
Content On September 19, the Senate commenced its second reading of Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts, marking a significant step forward in the legislative process since…
China’s proposed AI Labelling Regulations: Key points
In response to the rapid development of artificial intelligence (AI) technologies, the Cyberspace Administration of China (the CAC) recently issued two draft regulations for public consultation: Measures for Labelling Artificial Intelligence-Generated or Synthetic Content (the Draft AI…
The UK’s Public Authority Algorithmic and Automated Decision-Making Systems Bill: key takeaways
Lord Clement-Jones has introduced a Public Authority Algorithmic and Automated Decision-Making Systems Private Members’ Bill (Bill) into the House of Lords. Currently at the second reading stage, the Bill addresses increasing reliance on AI and algorithmic systems by…
SEC issues $7 million in disclosure fines to SolarWinds victims
On October 22, 2024, the U.S. Securities and Exchange Commission (“SEC” or “Commission”) issued a series of orders imposing almost $7 million in disclosure fines against four global digital service providers impacted by the 2020 SolarWinds compromise. The SEC accused…