Topic: Compliance and risk management

Subscribe to Compliance and risk management RSS feed

US states pass data protection laws on the heels of the GDPR

Jeewon Kim Serrato (US)Chris Cwalina (US)Anna Rudawski (US)Tristan Coughlin* (US)By Jeewon Kim Serrato (US), Chris Cwalina (US), Anna Rudawski (US), Tristan Coughlin* (US) and Katey Fardelmann (US) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightSeveral U.S. states have recently introduced and passed legislation to expand data breach notification rules and to mirror some of the protections provided by Europe’s newly enacted General Data Protection Regulation (“GDPR”). See our previous blog posts on GDPR here and here.   Like their European counterparts, these state laws are intended to provide consumers with … Continue reading

California passes major legislation, expanding consumer privacy rights and legal exposure for US and global companies

Spencer Persson (US)Jeewon Kim Serrato (US)Steve Roosa (US)Arleen Fernandez (US)Anna Rudawski (US)By Spencer Persson (US), Jeewon Kim Serrato (US), Steve Roosa (US), Arleen Fernandez (US) and Anna Rudawski (US) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blogThis is the Data Protection Report’s first post in a series of blog posts that will break down the major elements of the CCPA. Stay tuned for additional CCPA posts. On June 28, 2018, California lawmakers enacted the California Consumer Privacy Act of 2018 (the “CCPA”) a sweeping, GDPR-like privacy law which is intended to … Continue reading

One week into GDPR – what you need to know

Jeewon Kim Serrato (US)Marcus Evans (UK)Ffion Flockhart (UK)Steven Hadwin (UK)By Jeewon Kim Serrato (US), Marcus Evans (UK), Ffion Flockhart (UK) and Steven Hadwin (UK) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blogWebsites go dark, complaints are filed within an hour, European Commission suffers an embarrassing data leak, and the US Commerce Secretary warns about the unintended trade impact of the law – all in the first week of the GDPR The European Union’s far-reaching General Data Protection Regulation (GDPR) went into effect on 25 May amid … Continue reading

GDPR is upon us: are you ready for what comes next?

Jeewon Kim Serrato (US)Steven Hadwin (UK)Marcus Evans (UK)By Jeewon Kim Serrato (US), Steven Hadwin (UK) and Marcus Evans (UK) on Posted in Compliance and risk management, Regulatory response
Norton Rose Fulbright - Data Protection Report blogThe wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. For many readers of this post, a huge amount of work will have been done in recent months in building up to compliance with the new regime. However, the challenges of GDPR certainly don’t end on the … Continue reading

UK NIS Regulations impose new cybersecurity obligations (and a new penalties regime) on operators of essential services and digital service providers in the UK

Steven Hadwin (UK)By Steven Hadwin (UK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightThe UK NIS Regulations (implementing the NIS Directive) come into force in the UK today (10 May 2018). These Regulations have received limited press attention, in part due to the emphasis that has been placed on GDPR implementation. However, the NIS Regulations represent a significant change in the legal environment relating to cybersecurity in the … Continue reading

Massachusetts Senate passes data protection bill targeting consumer credit agencies

By on Posted in Compliance and risk management
Data Protection Report - Norton Rose FulbrightOn Thursday, April 26, 2018, the Massachusetts Senate unanimously passed a data breach protection bill that strengthens consumer protections after security breaches involving consumer credit reporting agencies.  If passed, the proposed legislation would amend Massachusetts’s current breach notification law.  The bill aims to help consumers protect their sensitive information before, during, and after a data … Continue reading

California privacy initiative likely to increase costs of civil litigation if passed in November

Spencer Persson (US)By Spencer Persson (US) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blogA little more than one month from implementation of GDPR, companies may be tempted to relax and exhale (and if GDPR is still causing you headaches, consult our checklist). After all, the U.S. couldn’t be crazy enough to implement something as onerous and difficult, right? RIGHT?!? Enter California, which appears likely to place an initiative … Continue reading

Singapore PDPC responds to feedback on public consultation on approaches to managing personal data

Stella Cramer (SG)Wilson Ang (SG)Jessica Paulin (SG)David Olds (SG)Jeremy Lua (SG)By Stella Cramer (SG), Wilson Ang (SG), Jessica Paulin (SG), David Olds (SG) and Jeremy Lua (SG) on Posted in Compliance and risk management, Data breach, Regulatory response
Data Protection Report - Norton Rose FulbrightOn 1 February 2018, Singapore Personal Data Protection Commission (PDPC) released its response to feedback on its public consultation on approaches to managing personal data in the digital economy, which took place in Q3 2017 (the Public Consultation). The purpose of  the Public Consultation, was to seek public feedback on proposed changes to Singapore’s data … Continue reading

German DPAs publish templates and guidance on records of processing activities pursuant to Art. 30 GDPR

Christoph Ritzer (DE)By Christoph Ritzer (DE) on Posted in Compliance and risk management
Data Protection Report - Norton Rose FulbrightThe German Data Protection Authorities (DPAs, acting as the German Data Privacy Conference, Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder) recently published templates for the records of processing activities for controllers (Art. 30 para. 1 GDPR) and processors (Art. 30 para. 2 GDPR) together with a corresponding guidance document. This guidance was expected to be released earlier … Continue reading

Working party publishes draft of GDPR guidelines for Article 49 (export derogations)

David Kessler (US)Anna Rudawski (US)By David Kessler (US) and Anna Rudawski (US) on Posted in Compliance and risk management
Data Protection Report - Norton Rose FulbrightOn February 12, 2018, the Article 29 Working Party (WP29) published guidance regarding Article 49 of the General Data Protection Regulation (GDPR) for public comment.  The deadline for submitting comments on the draft is March 26, 2018, and responses should be emailed to JUST-ARTICLE29WP-SEC@ec.europa.eu. Like the current EU Data Protection Directive, the GDPR prohibits the … Continue reading

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, Cybercrime
Norton Rose Fulbright - Data Protection Report blogSlightly over one year ago, several major distributed denial-of-service (“DDoS”) attacks took place, including a major event affecting the domain name service provider Dyn, which caused outages and slowness for a number of popular sites, including Amazon, Netflix, Reddit, SoundCloud, Spotify, and Twitter. Now, a new Internet of Things (IoT) botnet, called IoT Reaper, or … Continue reading

“But the emails” – companies’ SEC filings reflect ransomware risks

Anna Rudawski (US)By Anna Rudawski (US) on Posted in Compliance and risk management, Data breach
Data Protection Report - Norton Rose FulbrightThe Equifax breach will likely devour the entire breach news cycle in the near term, given the size of the incident and that it gets to the essence of the company’s business of maintaining some of the most sensitive consumer information. Still, in what for the moment might seem like a more pedestrian risk, companies … Continue reading

UK data protection after Brexit – UK government Statement of Intent contains few surprises

Marcus Evans (UK)Shiv Daddar (UK)By Marcus Evans (UK) and Shiv Daddar (UK) on Posted in Compliance and risk management, Regulatory response
Norton Rose Fulbright - Data Protection Report blogOn the 7th August 2017, the UK’s Government Department for Digital, Culture, Media and Sport issued a Statement of Intent (the Statement) outlining its planned reforms of the UK’s data protection laws which are to be implemented by the Data Protection Bill (the Bill). The Statement anticipates the UK’s departure from the EU and makes … Continue reading

German court: monitoring of employees by key logger is not allowed

Christoph Ritzer (DE)By Christoph Ritzer (DE) on Posted in Compliance and risk management, Dispute resolution and litigation
Data Protection Report - Norton Rose FulbrightThe German federal labor court held in a recent decision (Bundesarbeitsgericht, 27 July 2017 – case no. 2 AZR 681/16) that the use of evidence obtained through the use of key logger software is not permitted under current German privacy law, if there is no suspicion of a criminal offense. Such monitoring is only allowed … Continue reading

US Senators introduce IoT cybersecurity bill

Anna Rudawski (US)By Anna Rudawski (US) on Posted in Compliance and risk management, Regulatory response, Vendor management and transactions
Data Protection Report - Norton Rose FulbrightOn August 1, 2017, US Senators unveiled a bipartisan bill to mandate baseline cybersecurity requirements for internet connected devices purchased by the federal government. Recent attacks demonstrate that connected devices, which make up the Internet of Things (“IoT”), can paralyze websites, networks, and even components of critical infrastructure. The draft bill, introduced by a bipartisan … Continue reading

US Coast Guard Releases Draft Cybersecurity Guidelines

Anna Rudawski (US)By Anna Rudawski (US) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightOn July 11, 2017, the US Coast Guard (USCG) and the Department of Homeland Security (DHS) proposed new cybersecurity draft guidelines for Maritime Transportation Security Act (MTSA) regulated facilities. The guidelines follow the White House’s May 2017 Executive Order to strengthen the cybersecurity of critical infrastructure. The draft guidelines are open for public comment until … Continue reading

Hong Kong Company Director Convicted Under Personal Data (Privacy) Ordinance

Anna Gamvros (HK)Ruby Kwok (HK)By Anna Gamvros (HK) and Ruby Kwok (HK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightA director of a Hong Kong company has been convicted of an offence under the Personal Data (Privacy) Ordinance (“PDPO”). This is the first conviction of its type under the PDPO since the law came into effect in 1996, confirming the potential for directors’ liability under the law.… Continue reading

China Seeks Comment on Draft Regulation on Critical Information Infrastructure

Barbara Li (CN)Anna Gamvros (HK)Ruby Kwok (HK)By Barbara Li (CN), Anna Gamvros (HK) and Ruby Kwok (HK) on Posted in Compliance and risk management, Regulatory response
On 10 July 2017 the Cyberspace Administration of China (CAC) issued a draft Regulation on the Protection of Critical Information Infrastructure (CII Regulation) for public comment. The comment period ends on 10 August 2017. This long-anticipated regulation, formulated pursuant to Article 31 of the Cyber Security Law of China (Cyber Security Law), is a key … Continue reading

The Privacy Implications of Autonomous Vehicles

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, Regulatory response
Norton Rose Fulbright - Data Protection Report blogThis is the first of a two-part series discussing the privacy and security issues associated with the widespread use of automated vehicle technology.  This first post focuses on potential privacy issues, while the second post – coming soon – will address security issues. Background As the development and testing of self-driving car technology has progressed, the … Continue reading

Singapore – Comprehensive Cyber Bill Published For Consultation

Stella Cramer (SG)Wilson Ang (SG)Jeremy Lua (SG)By Stella Cramer (SG), Wilson Ang (SG) and Jeremy Lua (SG) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightOverview: On 10 July 2017, the Singapore Government unveiled its draft Cybersecurity Bill (the Bill) and announced a public consultation to seek views and comments from the industry and members of public. The public consultation runs from 10 July to 3 August 2017.This Bill comes on the back of various moves by the Singapore Government … Continue reading

New Global Cyberattack Affects Businesses, Government, and Infrastructure

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, Cybercrime
Norton Rose Fulbright - Data Protection Report blogA new strain of malware began infecting computer systems across the globe on Tuesday.  Similar to the WannaCry ransomware that struck last month, the malware used in this week’s attack spreads quickly across multiple computers on a network, encrypting files and displaying a ransom note that requests $300 worth of bitcoin for a decryption key. … Continue reading
LexBlog