Topic: Compliance and risk management

Subscribe to Compliance and risk management RSS feed

“But the emails” – companies’ SEC filings reflect ransomware risks

Anna Rudawski (US)By Anna Rudawski (US) on Posted in Compliance and risk management, Data breach
Data Protection Report - Norton Rose FulbrightThe Equifax breach will likely devour the entire breach news cycle in the near term, given the size of the incident and that it gets to the essence of the company’s business of maintaining some of the most sensitive consumer information. Still, in what for the moment might seem like a more pedestrian risk, companies … Continue reading

UK data protection after Brexit – UK government Statement of Intent contains few surprises

Marcus Evans (UK)Shiv DaddarBy Marcus Evans (UK) and Shiv Daddar on Posted in Compliance and risk management, Regulatory response
Norton Rose Fulbright - Data Protection Report blogOn the 7th August 2017, the UK’s Government Department for Digital, Culture, Media and Sport issued a Statement of Intent (the Statement) outlining its planned reforms of the UK’s data protection laws which are to be implemented by the Data Protection Bill (the Bill). The Statement anticipates the UK’s departure from the EU and makes … Continue reading

German court: monitoring of employees by key logger is not allowed

Christoph Ritzer (DE)By Christoph Ritzer (DE) and Thorben Schläfer (DE) on Posted in Compliance and risk management, Dispute resolution and litigation
Data Protection Report - Norton Rose FulbrightThe German federal labor court held in a recent decision (Bundesarbeitsgericht, 27 July 2017 – case no. 2 AZR 681/16) that the use of evidence obtained through the use of key logger software is not permitted under current German privacy law, if there is no suspicion of a criminal offense. Such monitoring is only allowed … Continue reading

US Senators introduce IoT cybersecurity bill

Anna Rudawski (US)By Anna Rudawski (US) on Posted in Compliance and risk management, Regulatory response, Vendor management and transactions
Data Protection Report - Norton Rose FulbrightOn August 1, 2017, US Senators unveiled a bipartisan bill to mandate baseline cybersecurity requirements for internet connected devices purchased by the federal government. Recent attacks demonstrate that connected devices, which make up the Internet of Things (“IoT”), can paralyze websites, networks, and even components of critical infrastructure. The draft bill, introduced by a bipartisan … Continue reading

US Coast Guard Releases Draft Cybersecurity Guidelines

Anna Rudawski (US)By Anna Rudawski (US) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightOn July 11, 2017, the US Coast Guard (USCG) and the Department of Homeland Security (DHS) proposed new cybersecurity draft guidelines for Maritime Transportation Security Act (MTSA) regulated facilities. The guidelines follow the White House’s May 2017 Executive Order to strengthen the cybersecurity of critical infrastructure. The draft guidelines are open for public comment until … Continue reading

Hong Kong Company Director Convicted Under Personal Data (Privacy) Ordinance

Anna Gamvros (HK)Ruby Kwok (HK)By Anna Gamvros (HK) and Ruby Kwok (HK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightA director of a Hong Kong company has been convicted of an offence under the Personal Data (Privacy) Ordinance (“PDPO”). This is the first conviction of its type under the PDPO since the law came into effect in 1996, confirming the potential for directors’ liability under the law.… Continue reading

China Seeks Comment on Draft Regulation on Critical Information Infrastructure

Barbara Li (CN)Anna Gamvros (HK)Tom WongRuby Kwok (HK)By Barbara Li (CN), Anna Gamvros (HK), Tom Wong and Ruby Kwok (HK) on Posted in Compliance and risk management, Regulatory response
On 10 July 2017 the Cyberspace Administration of China (CAC) issued a draft Regulation on the Protection of Critical Information Infrastructure (CII Regulation) for public comment. The comment period ends on 10 August 2017. This long-anticipated regulation, formulated pursuant to Article 31 of the Cyber Security Law of China (Cyber Security Law), is a key … Continue reading

The Privacy Implications of Autonomous Vehicles

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, Regulatory response
Norton Rose Fulbright - Data Protection Report blogThis is the first of a two-part series discussing the privacy and security issues associated with the widespread use of automated vehicle technology.  This first post focuses on potential privacy issues, while the second post – coming soon – will address security issues. Background As the development and testing of self-driving car technology has progressed, the … Continue reading

Singapore – Comprehensive Cyber Bill Published For Consultation

Stella Cramer (SG)Wilson Ang (SG)Jeremy Lua (SG)By Stella Cramer (SG), Wilson Ang (SG) and Jeremy Lua (SG) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightOverview: On 10 July 2017, the Singapore Government unveiled its draft Cybersecurity Bill (the Bill) and announced a public consultation to seek views and comments from the industry and members of public. The public consultation runs from 10 July to 3 August 2017.This Bill comes on the back of various moves by the Singapore Government … Continue reading

New Global Cyberattack Affects Businesses, Government, and Infrastructure

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, cybercrime
Norton Rose Fulbright - Data Protection Report blogA new strain of malware began infecting computer systems across the globe on Tuesday.  Similar to the WannaCry ransomware that struck last month, the malware used in this week’s attack spreads quickly across multiple computers on a network, encrypting files and displaying a ransom note that requests $300 worth of bitcoin for a decryption key. … Continue reading

Colorado Division of Securities Adopts Final Cybersecurity Rule

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, Regulatory response
Norton Rose Fulbright - Data Protection Report blogBroker-dealers and investment advisers in Colorado will soon be required to comply with new rules designed to protect the electronic information they collect and maintain.  On May 19, 2017, the Colorado Division of Securities adopted final cybersecurity rules under the Colorado Securities Act.  In addition to requiring written procedures that are “reasonably designed to ensure … Continue reading

China Amends Draft Regulation on Cross-Border Data Transfer

Barbara Li (CN)Tom WongBy Barbara Li (CN) and Tom Wong on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightWe have just received a revised draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (Measures).  Here we outline the changes made to the draft Measures first issued on 11 April 2017 for public comment (see our previous briefing and blog post here). The revised draft is … Continue reading

Large Ransomware Attack Affects Companies in Over 70 Countries

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, cybercrime
Norton Rose Fulbright - Data Protection Report blogA large-scale ransomware attack began impacting companies and hospitals across the United States, Europe, and Asia early Friday morning.  According to reports, companies in more than 70 countries have reported incidents as of Friday afternoon. The attacks are being caused by ransomware called “WannaCry,” which quickly moves across systems to encrypt large amounts of computer … Continue reading

Hong Kong: SFC consults on proposed measures to improve cyber security for internet trading of securities in Hong Kong

James Parker (HK)Anna Gamvros (HK)By James Parker (HK) and Anna Gamvros (HK) on Posted in Compliance and risk management, cybercrime, Regulatory response
A two-month consultation on proposed measures to reduce and mitigate cyber security risks associated with internet trading of securities in Hong Kong (the Consultation) was launched on 8 May 2017 by the Securities and Futures Commission (the SFC). The Consultation follows a recent review by the SFC of resilience of brokers in Hong Kong to … Continue reading

Cross-border data transfers: China issues new measures to strengthen data localisation

Barbara Li (CN)Tom WongAnna Gamvros (HK)Ruby Kwok (HK)By Barbara Li (CN), Tom Wong, Anna Gamvros (HK) and Ruby Kwok (HK) on Posted in Compliance and risk management, Regulatory response
Norton Rose Fulbright - Data Protection Report blogThe Cyberspace Administration of China (CAC) issued draft measures for implementing the data localisation provisions under the Cybersecurity Law of China (Cybersecurity Law) and the National Security Law of China on 11 April 2017. The draft regulations are open for public comment until 11 May 2017.… Continue reading

Germany’s Parliament Approves Local Data Protection Law to Operate Alongside GDPR

Christoph Ritzer (DE)Sven Jacobs (DE)By Christoph Ritzer (DE) and Sven Jacobs (DE) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blogOn April 27, 2017, the German Federal Parliament voted to approve the new proposed German Federal Data Protection Act (“new FDPA”). The law would adapt the current German data protection law to the EU General Data Protection Regulation (GDPR). The federal chamber of the states, the German Federal Council, is expected to approved the new … Continue reading

Canada Passes Legislation Protecting Genetic Information

Mark Edward Davis (CA)By Mark Edward Davis (CA) on Posted in Compliance and risk management
Data Protection Report - Norton Rose FulbrightThe Canadian Parliament recently passed Bill S-201, the Genetic Non-Discrimination Act, which protects individuals from having to disclose information related to genetic testing and test results. Specifically, the Act prohibits any person from requiring an individual to undergo a genetic test or disclose the results of a genetic test as a condition of providing goods … Continue reading

The Long Arm of Canadian Privacy Law

Mark Edward Davis (CA)By Mark Edward Davis (CA) on Posted in Compliance and risk management, Dispute resolution and litigation
Data Protection Report - Norton Rose FulbrightEarlier this year, a Canadian trial court ruled that Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) has extra-territorial application and restricts the dissemination of personal information of Canadians, even where the information is already public, and even though it is made available from outside Canada.… Continue reading

UK Information Commissioner Updates Paper on Big Data, Artificial Intelligence, Machine Learning, and Data Protection

Marcus Evans (UK)By Marcus Evans (UK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightOn 1 March 2017, the UK Information Commissioner’s Office (ICO) published a paper on big data, artificial intelligence, machine learning and data protection (replacing its early paper published in 2014). Although the paper is described as a “discussion paper”, it makes a number of recommendations that those involved in big data projects would be well … Continue reading

UK Information Commissioner Publishes Draft GDPR Consent Guidance

Marcus Evans (UK)By Marcus Evans (UK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightOn March 2, 2017, the UK Information Commissioner’s Office (ICO) published its draft General Data Protection Regulation (GDPR) consent guidance, and called for comments on the guidance. The consultation is open until March 31, 2017. The ICO will issue final guidance in May 2017. The guidance is detailed, and references the various GDPR Articles and … Continue reading

New York’s financial sector cybersecurity rules take effect

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, General, Regulatory response
Data Protection Report - Norton Rose FulbrightOn March 1, 2017, a comprehensive set of new cybersecurity rules adopted by the New York Department of Financial Services (DFS) took effect.  The rules require banks, insurers and other entities regulated by DFS to implement a number of specific cybersecurity controls to protect not only personal information but any business information that would cause … Continue reading

Cloudbleed Bug Impacts Large Swath of the Internet

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, Data breach
Data Protection Report - Norton Rose FulbrightCloudflare, which operates a widely used web content delivery network, announced a security bug on February 23 that caused sensitive data to leak from its customers’ websites.  The exact number of websites potentially affected is unknown but some estimates place the total in excess of 5 million. The Google security researcher who discovered the bug – … Continue reading

US Government Contractors Now Required to Train Employees on Privacy

Anna Rudawski (US)By Anna Rudawski (US) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightEffective January 19, 2017,  an update to the Federal Acquisition Regulation (FAR) will require certain contractors that provide services to the federal government to train their employees on privacy.  New contracts into which the federal government enters with contractors will include privacy training requirements. In addition, the rule requires contractors to flow down privacy training … Continue reading
LexBlog