Topic: Compliance and risk management

Subscribe to Compliance and risk management RSS feed

Selling and utilising personal data in an insolvency situation

Photo of Marcus Evans (UK)Photo of Rebecca Oliver (UK)By Marcus Evans (UK), Janine Regan (UK), Rebecca Oliver (UK) and Alice Routh (UK) on Posted in Compliance and risk management
Data Protection Report - Norton Rose FulbrightMany businesses are suffering serious financial difficulties as a result of COVID-19, particularly those in the retail, hospitality and tourism sectors.  For many of these businesses the one asset that will undoubtedly retain value, despite the pandemic, will be their customer database.  This valuable commodity could help attract potential purchasers. But this is a tricky … Continue reading

How to process employees’ health data in France after lockdown: dos and don’ts for employers

Photo of Cécile Auvieux (FR)Photo of Nadège Martin (FR)By Cécile Auvieux (FR) and Nadège Martin (FR) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blogA few weeks ago, we provided you with a summary of the rights and obligations of employers with regard to the personal data of their employees during lockdown. On 11 May, many employees will return to their workplaces. Below you will find answers to the main questions you may have ahead as the end of … Continue reading

StopCovid: the French contact-tracing app

Photo of Cécile Auvieux (FR)Photo of Nadège Martin (FR)By Cécile Auvieux (FR) and Nadège Martin (FR) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blogFollowing the example of many European countries, the French government plans to introduce a contact tracing app, known as “StopCovid”.  The app is designed to be used by people once they leave the confinement of their homes with the aim of preventing the spread of COVID-19. StopCovid is being developed within the INRIA, the French … Continue reading

Irish data protection authority launches new cookie guidance and indicates cookie investigations are on the horizon

Photo of Christoph Ritzer (DE)Photo of Nadège Martin (FR)Photo of Marcus Evans (UK)By Janine Regan (UK), Christoph Ritzer (DE), Nadège Martin (FR) and Marcus Evans (UK) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blogLast week, the Irish Data Protection Commission (“DPC”) published its much anticipated guidance note on cookies and similar tracking technologies (the “Guidance”).  It also published a report following a “cookie sweep” that took place between August 2019 and December 2019 of 38 data controllers (the “Report”).  The cookie sweep requested information from the data controllers … Continue reading

Obtaining and sharing employee health status information in a pandemic

Photo of Marcus Evans (UK)Photo of Miranda Byrne Hill (UK)By Marcus Evans (UK) and Miranda Byrne Hill (UK) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blogEmployers across the world are facing extremely difficult challenges in keeping their workplaces safe for their employees, contractors and visitors during the COVID-19 pandemic. Although the prevailing instinct is likely to be to protect and to prevent the spread of the virus at all costs, under data protection laws this still needs to be weighed … Continue reading

NYDFS Requires COVID-19 Plans by April 9

Photo of Susan Ross (US)Photo of Kathleen Scott (US)By Susan Ross (US) and Kathleen Scott (US) on Posted in Compliance and risk management, Cybercrime, Cybersecurity, Dispute resolution and litigation, Enforcement, General
Norton Rose Fulbright - Data Protection Report blogOn March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic. NYDFS requires the plans to be submitted by Thursday, April 9, … Continue reading

Personal data protection in the time of coronavirus (Covid-19)

Photo of Barbara Li (CN)Photo of Bohua Yao (CN)By Barbara Li (CN) and Bohua Yao (CN) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blogOutbreak of the coronavirus and personal data privacy The fast-spreading coronavirus (Covid-19) has infected thousands of people in China and in over 20 other countries. This coronavirus outbreak, originating in Wuhan, a large city located in the central region of China, has been declared a Public Health Emergency of International Concern (PHEIC) by the World … Continue reading

Application by Privacy Commissioner To Shed Light on Judicial Enforcement of PIPEDA

Photo of Jean-Simon SchoenholzBy Jean-Simon Schoenholz on Posted in Compliance and risk management, Cybersecurity, Dispute resolution and litigation, Regulatory response
Data Protection Report - Norton Rose FulbrightRecent legal action by the Office of the Privacy Commissioner of Canada (OPC) will shed light on the Federal Court’s willingness to enforce and monitor compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA). On February 6, the OPC filed a notice of application (the Application) in the Federal Court seeking a declaration … Continue reading

The CNIL releases draft practical guidance on cookies consent

Photo of Nadège Martin (FR)Photo of Cécile Auvieux (FR)By Nadège Martin (FR) and Cécile Auvieux (FR) on Posted in Compliance and risk management
Data Protection Report - Norton Rose FulbrightThe CNIL has published draft recommendations on how to obtain consent when placing cookies. This is following the publication of its revised “Guidelines on the implementation of cookies or similar tracking technologies” which was published in July 2019 (see our article here). The objective of the recommendations is to provide stakeholders with practical guidance and … Continue reading

Changes to Hong Kong’s data protection law discussed by government panel

Photo of Anna Gamvros (HK)By Anna Gamvros (HK) and Libby Ryan (HK) on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightThe discussion paper on the proposed changes to Hong Kong’s Personal Data (Privacy) Ordinance (Cap.486) (the PDPO) was debated by the  Legislative Council’s Panel on Constitutional Affairs’ (the Panel) on 20 January. The proposals set out in LC Paper. No. CB(2) 512/19-20(03) (the Paper) are summarised in our earlier post.… Continue reading

The Privacy Officers’ New Year’s Resolutions

Photo of Marcus Evans (UK)By Marcus Evans (UK) and Janine Regan (UK) on Posted in CCPA, Compliance and risk management
Data Protection Report - Norton Rose Fulbright1. Brace yourself (for export turbulence) 2020 could well be a year of data export turmoil – so brace yourself. The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) (Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems) whilst the General Court of the … Continue reading

Schrems II: AG deems SCCs valid but comes up with difficult new obligations and expresses “doubts” over privacy shield

Photo of Marcus Evans (UK)Photo of Christoph Ritzer (DE)Photo of David Kessler (US)By Marcus Evans (UK), Christoph Ritzer (DE), Janine Regan (UK) and David Kessler (US) on Posted in Compliance and risk management, Enforcement, General
What has happened? Yesterday, the Advocate General (“AG”) concluded that, in his opinion, the EU Standard Contractual Clauses (“SCCs”) are a valid mechanism to transfer personal data outside of the European Economic Area (“EEA”). However, the AG suggested new obligations for those using SCCs. They need to examine the national security laws of the country … Continue reading

Mic Drop: California AG releases long-awaited CCPA Rulemaking

Photo of David Kessler (US)Photo of Jeewon Kim Serrato (US)Photo of Susan Ross (US)Photo of Anna Rudawski (US)Photo of Max Kellogg (US)By David Kessler (US), Jeewon Kim Serrato (US), Susan Ross (US), Anna Rudawski (US) and Max Kellogg (US) on Posted in CCPA, Compliance and risk management
Data Protection Report - digital privacy, CCPA and cybersecurityOn October 10, 2019, with just weeks to go until the law goes into effect, the California Attorney General released the long-awaited draft regulations for the California Consumer Privacy Act (CCPA). The proposed rules shed light on how the California AG is interpreting and will be enforcing key sections of the CCPA.  In the press … Continue reading

New York’s Breach Law Amendments and New Security Requirements

Photo of David Kessler (US)Photo of Susan Ross (US)By David Kessler (US) and Susan Ross (US) on Posted in Compliance and risk management, Enforcement, General
Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. S.B. 5575). Anyone with personal information about a New York resident is potentially affected by … Continue reading

Office of Privacy Commissioner Says It’s Status Quo on Consent Requirements for Data Processing Transfers

Photo of Ann Henderson (CA)Photo of Julie Himo (CA)Photo of John Cassell (CA)Photo of Alexis Kerr (CA)By Ann Henderson (CA), Julie Himo (CA), John Cassell (CA) and Alexis Kerr (CA) on Posted in Compliance and risk management, Data breach, General
On September 23, the Office of the Privacy Commissioner of Canada (OPC) announced, following consultation with stakeholders, that it will maintain the position set out in its 2009 guidelines that an organization’s transfer of personal information to a third party for processing, including a transfer across the Canadian border, is a “use” of that personal … Continue reading

And then there were five: CCPA amendments pass legislature

Photo of Jeewon Kim Serrato (US)Photo of Susan Ross (US)By Jeewon Kim Serrato (US) and Susan Ross (US) on Posted in CCPA, Compliance and risk management, Enforcement
Norton Rose Fulbright - Data Protection Report blogExecutive Summary The wait is over:  Only five CCPA amendments made it through the California legislature.  The amendments are limited in scope, which means the CCPA will go into effect, largely intact, on January 1, 2020. The California legislative session for 2019 ended on September 13 and the following five amendments to the California Consumer … Continue reading

Deadline extended for compulsory registration on Data Controller registry

Photo of Ekin Inal (TR)By Ekin Inal (TR) on Posted in Compliance and risk management
Norton Rose Fulbright - Data Protection Report blogObligations We previously reported that Turkey’s data protection legislation (TDPL) requires data controllers to notify the Turkish DPA of their processing activities. Unless exempt from the requirement, all data controllers (individuals and legal entities) who process personal data in Turkey must be registered with the Turkish DPA’s Register of Data Controllers Information System (VERBİS), prior … Continue reading

CCPA: “Wait and see” is not the right approach

Photo of Chris Cwalina (US)Photo of David Kessler (US)Photo of Steve Roosa (US)Photo of Jeewon Kim Serrato (US)Photo of Susan Ross (US)By Chris Cwalina (US), David Kessler (US), Steve Roosa (US), Jeewon Kim Serrato (US) and Susan Ross (US) on Posted in CCPA, Compliance and risk management
Data Protection Report - Norton Rose FulbrightWe are seeing companies use many different approaches to the California Consumer Privacy Act (“CCPA”) compliance, but the “wait and see” approach in particular is not advisable. Companies who want to “wait and see” point to the pending amendments to CCPA that are currently working through the California Senate (as we have previously described—see links … Continue reading

The CNIL publishes new guidelines on cookies and other similar technologies

Photo of Nilofar Moini Shabestari (FR)Photo of Nadège Martin (FR)By Nilofar Moini Shabestari (FR) and Nadège Martin (FR) on Posted in Compliance and risk management
Data Protection Report - digital privacy, CCPA and cybersecurityOn 4 July 2019, the CNIL published new guidelines on cookies and other similar technologies, repealing its 2013 cookie guidance in order to align its position with the GDPR’s new requirements on consent. These guidelines will be supplemented during the first quarter of 2020 by sectoral recommendations aimed at providing practical guidance to stakeholders on … Continue reading
LexBlog