Topic: Compliance and risk management

Singapore PDPC responds to feedback on public consultation on approaches to managing personal data

Data Protection Report - Norton Rose Fulbright

On 1 February 2018, Singapore Personal Data Protection Commission (PDPC) released its response to feedback on its public consultation on approaches to managing personal data in the digital economy, which took place in Q3 2017 (the Public Consultation). The purpose of the Public Consultation was to seek public feedback on proposed changes to Singapore’s data …

German DPAs publish templates and guidance on records of processing activities pursuant to Art. 30 GDPR

The German Data Protection Authorities (DPAs, acting as the German Data Privacy Conference, Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder) recently published templates for the records of processing activities for controllers (Art. 30 para. 1 GDPR) and processors (Art. 30 para. 2 GDPR) together with a corresponding guidance document. This guidance was expected to be released earlier …

Working party publishes draft of GDPR guidelines for Article 49 (export derogations)

On February 12, 2018, the Article 29 Working Party (WP29) published guidance regarding Article 49 of the General Data Protection Regulation (GDPR) for public comment. The deadline for submitting comments on the draft is March 26, 2018, and responses should be emailed to JUST-ARTICLE29WP-SEC@ec.europa.eu. Like the current EU Data Protection Directive, the GDPR prohibits the …

European Commission issues new GDPR guidance

The GDPR will come into force exactly four months from Thursday. In preparation, the European Commission has released a new website with extensive guidance on GDPR implementation, together with a Fact Sheet containing Q&As on the GDPR. While much of the guidance is already known to privacy professionals, there are new insights as well.…

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

Slightly over one year ago, several major distributed denial-of-service (“DDoS”) attacks took place, including a major event affecting the domain name service provider Dyn, which caused outages and slowness for a number of popular sites, including Amazon, Netflix, Reddit, SoundCloud, Spotify, and Twitter. Now, a new Internet of Things (IoT) botnet, called IoT Reaper, or …

“But the emails” – companies’ SEC filings reflect ransomware risks

The Equifax breach will likely devour the entire breach news cycle in the near term, given the size of the incident and that it gets to the essence of the company’s business of maintaining some of the most sensitive consumer information. Still, in what for the moment might seem like a more pedestrian risk, companies …

UK data protection after Brexit – UK government Statement of Intent contains few surprises

On the 7th August 2017, the UK’s Government Department for Digital, Culture, Media and Sport issued a Statement of Intent (the Statement) outlining its planned reforms of the UK’s data protection laws which are to be implemented by the Data Protection Bill (the Bill). The Statement anticipates the UK’s departure from the EU and makes …

German court: monitoring of employees by key logger is not allowed

The German federal labor court held in a recent decision (Bundesarbeitsgericht, 27 July 2017 – case no. 2 AZR 681/16) that the use of evidence obtained through the use of key logger software is not permitted under current German privacy law, if there is no suspicion of a criminal offense. Such monitoring is only allowed …

US Senators introduce IoT cybersecurity bill

On August 1, 2017, US Senators unveiled a bipartisan bill to mandate baseline cybersecurity requirements for internet connected devices purchased by the federal government. Recent attacks demonstrate that connected devices, which make up the Internet of Things (“IoT”), can paralyze websites, networks, and even components of critical infrastructure. The draft bill, introduced by a bipartisan …

US Coast Guard Releases Draft Cybersecurity Guidelines

On July 11, 2017, the US Coast Guard (USCG) and the Department of Homeland Security (DHS) proposed new cybersecurity draft guidelines for Maritime Transportation Security Act (MTSA) regulated facilities. The guidelines follow the White House’s May 2017 Executive Order to strengthen the cybersecurity of critical infrastructure. The draft guidelines are open for public comment until …

China Seeks Comment on Draft Regulation on Critical Information Infrastructure

On 10 July 2017 the Cyberspace Administration of China (CAC) issued a draft Regulation on the Protection of Critical Information Infrastructure (CII Regulation) for public comment. The comment period ends on 10 August 2017. This long-anticipated regulation, formulated pursuant to Article 31 of the Cyber Security Law of China (Cyber Security Law), is a key …

The Privacy Implications of Autonomous Vehicles

This is the first of a two-part series discussing the privacy and security issues associated with the widespread use of automated vehicle technology. This first post focuses on potential privacy issues, while the second post – coming soon – will address security issues. Background: As the development and testing of self-driving car technology has progressed, the …

Singapore – Comprehensive Cyber Bill Published For Consultation

Overview: On 10 July 2017, the Singapore Government unveiled its draft Cybersecurity Bill (the Bill) and announced a public consultation to seek views and comments from the industry and members of public. The public consultation runs from 10 July to 3 August 2017. This Bill comes on the back of various moves by the Singapore Government …

New Global Cyberattack Affects Businesses, Government, and Infrastructure

A new strain of malware began infecting computer systems across the globe on Tuesday. Similar to the WannaCry ransomware that struck last month, the malware used in this week’s attack spreads quickly across multiple computers on a network, encrypting files and displaying a ransom note that requests $300 worth of bitcoin for a decryption key. …

Colorado Division of Securities Adopts Final Cybersecurity Rule

Broker-dealers and investment advisers in Colorado will soon be required to comply with new rules designed to protect the electronic information they collect and maintain. On May 19, 2017, the Colorado Division of Securities adopted final cybersecurity rules under the Colorado Securities Act. In addition to requiring written procedures that are “reasonably designed to ensure …

China Amends Draft Regulation on Cross-Border Data Transfer

We have just received a revised draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (Measures). Here we outline the changes made to the draft Measures first issued on 11 April 2017 for public comment (see our previous briefing and blog post here). The revised draft is …

Large Ransomware Attack Affects Companies in Over 70 Countries

A large-scale ransomware attack began impacting companies and hospitals across the United States, Europe, and Asia early Friday morning. According to reports, companies in more than 70 countries have reported incidents as of Friday afternoon. The attacks are being caused by ransomware called “WannaCry,” which quickly moves across systems to encrypt large amounts of computer …

Hong Kong: SFC consults on proposed measures to improve cyber security for internet trading of securities in Hong Kong

A two-month consultation on proposed measures to reduce and mitigate cyber security risks associated with internet trading of securities in Hong Kong (the Consultation) was launched on 8 May 2017 by the Securities and Futures Commission (the SFC). The Consultation follows a recent review by the SFC of resilience of brokers in Hong Kong to …

Cross-border data transfers: China issues new measures to strengthen data localisation

The Cyberspace Administration of China (CAC) issued draft measures for implementing the data localisation provisions under the Cybersecurity Law of China (Cybersecurity Law) and the National Security Law of China on 11 April 2017. The draft regulations are open for public comment until 11 May 2017.…

Germany’s Parliament Approves Local Data Protection Law to Operate Alongside GDPR

On April 27, 2017, the German Federal Parliament voted to approve the new proposed German Federal Data Protection Act (“new FDPA”). The law would adapt the current German data protection law to the EU General Data Protection Regulation (GDPR). The federal chamber of the states, the German Federal Council, is expected to approve the new …

Canada Passes Legislation Protecting Genetic Information

The Canadian Parliament recently passed Bill S-201, the Genetic Non-Discrimination Act, which protects individuals from having to disclose information related to genetic testing and test results. Specifically, the Act prohibits any person from requiring an individual to undergo a genetic test or disclose the results of a genetic test as a condition of providing goods …