Topic: Cybersecurity

Subscribe to Cybersecurity RSS feed

Managing AI risks and legal implications, effective cybersecurity, ensuring privacy and the integrity of organizational records

Photo of Imran Ahmad (CA)Photo of John Cassell (CA)Photo of Maya MedeirosPhoto of Veronique Barry (CA)Photo of Sara A. Levine, KC (CA)Photo of Jesse BeatsonPhoto of Roxanne Caron (CA)Photo of Jeremie Wyatt (CA)By Imran Ahmad (CA), John Cassell (CA), Maya Medeiros, Veronique Barry (CA), Sara A. Levine, KC (CA), Jesse Beatson, Roxanne Caron (CA) and Jeremie Wyatt (CA) on Posted in Artificial Intelligence, Cybersecurity
Coloured lightsIn a world where generative AI is driving innovation and technology is outpacing legislation, there’s a lot for companies to consider to maintain operational effectiveness and minimize risk. To help provide some guidance, Norton Rose Fulbright Canada hosted its 2023 technology, privacy and cybersecurity virtual summit. Our leading lawyers were joined by prominent industry leaders … Continue reading

PART II: Legislative advances in the world of artificial intelligence, Canada

Photo of Imran Ahmad (CA)Photo of Brian Chau (CA)Photo of Maya MedeirosPhoto of Sarah NasrullahPhoto of Suzie Suliman (CA)By Imran Ahmad (CA), Brian Chau (CA), Maya Medeiros, Sarah Nasrullah and Suzie Suliman (CA) on Posted in Artificial Intelligence, Cybersecurity
Motherboard curcuitOn October 5, the Minister of Innovation, Science and Industry (ISED) wrote a letter to the Standing Committee on Industry and Technology proposing amendments to Artificial Intelligence and Data Act (AIDA), which was introduced as part of Bill C-27 in June 2022. Further information on AIDA can be found in our previous update. The letter … Continue reading

Advances in artificial intelligence legislation in Canada (Part I)

Photo of Imran Ahmad (CA)Photo of Brian Chau (CA)Photo of Maya MedeirosPhoto of Sarah NasrullahPhoto of Suzie Suliman (CA)By Imran Ahmad (CA), Brian Chau (CA), Maya Medeiros, Sarah Nasrullah and Suzie Suliman (CA) on Posted in Artificial Intelligence, Cybersecurity
Motherboard circuitOn September 27, the Minister of Innovation, Science and Industry released a voluntary code of conduct specific to generative AI. This GenAI code follows the proposed Artificial Intelligence and Data Act (AIDA), which was introduced as part of Bill C-27 in June 2022 but will not likely be in force until 2025. Beyond risk mitigation, … Continue reading

US SEC charges SolarWinds and its CISO for alleged cybersecurity misstatements and controls failures

Photo of Chris Cwalina (US)Photo of Will Daugherty (US)Photo of Kevin J. Harnisch (US)Photo of Anna Rudawski (US)Photo of Ilana Beth Sinkin (US)By Chris Cwalina (US), Will Daugherty (US), Kevin J. Harnisch (US), Anna Rudawski (US) and Ilana Beth Sinkin (US) on Posted in Cybersecurity, Dispute resolution and litigation, Enforcement
Coloured lightsOn October 30, 2023, the SEC announced charges against SolarWinds and its Chief Information Security Officer Timothy Brown. Read our full analysis at www.nortonrosefulbright.com. Special thanks to Law Clerk Ian Slingsby (Washington, DC) for his assistance in the preparation of this content.… Continue reading

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Photo of Dan Pepper (US)By Dan Pepper (US) on Posted in Cybersecurity, General
On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017. Noticeably, covered entities are now subject to new requirements imposing heightened responsibilities on Chief Information Security … Continue reading

2023 Technology privacy and cybersecurity summit | 1 November 2023

Photo of Imran Ahmad (CA)By Imran Ahmad (CA) on Posted in Cybersecurity, Privacy law
Coloured lightsNorton Rose Fulbright Canada invites you to our annual technology, privacy and cybersecurity virtual summit. Navigating the evolving world of technology is not easy for companies today. From AI to effective company records management, privacy considerations, and cybersecurity breaches, there’s a lot to consider as businesses work to maximize operational effectiveness and minimize risk. Join … Continue reading

Hong Kong: Revised Breach Handling and Notifications Guidance published by the PCPD

Photo of Anna GamvrosPhoto of Edward Yau (HK)Photo of Steven ChongBy Anna Gamvros, Edward Yau (HK) and Steven Chong on Posted in Cybersecurity
As data breaches and cyber-attacks continue to surge and attackers become more sophisticated, a comprehensive data breach response plan and robust data security measures are becoming increasingly important. In Hong Kong, the Office of the Privacy Commissioner for Personal Data (the PCPD) recently published a revised Guidance on Breach Handling and Data Breach Notifications (the … Continue reading

US SEC issues final rule on cybersecurity disclosures

Photo of Susan Ross (US)By Susan Ross (US) on Posted in Cybersecurity
On July 26, 2023, the US SEC issued the long-awaited final rules for public companies and foreign private issuers requiring rapid disclosure of material cybersecurity incidents as well as periodic disclosure of cybersecurity risk management and policies and procedures (the “SEC Final Rule”).  The SEC Final Rule reflects the SEC’s desire to standardize company disclosures … Continue reading

Deal-maker or deal-breaker: the legal ins and outs of using AI in M&A

Photo of Imran Ahmad (CA)Photo of Roxanne Caron (CA)Photo of Suzie Suliman (CA)By Imran Ahmad (CA), Roxanne Caron (CA) and Suzie Suliman (CA) on Posted in Artificial Intelligence, Cybersecurity, Data Protection, Intellectual Property, M&A Transactions
Deals involving AI bring about specific and unique issues for consideration during the due diligence process. Understanding the specific challenges created by AI is important for companies to ensure that the AI technology holds genuine value and would not raise red flags during the course of a transaction. Some important advice for companies looking to … Continue reading

UK Pensions briefing: Cybersecurity for pension schemes – where are we now?

Photo of Lesley BrowningPhoto of Shane O'ReillyBy Lesley Browning and Shane O'Reilly on Posted in Cybersecurity
Cybercrime is big business and it’s growing. Is your scheme adequately protected in the event of an attempted cyberattack? Our publication Taking action on pension scheme cybersecurity set out the main cyber threats and outlined the steps that trustees could and should take to protect their schemes’ and members’ interests. It should be read in conjunction with … Continue reading

Everyone is using ChatGPT what does my organisation need to watch out for

Photo of Marcus Evans (UK)Photo of Lara White (UK)Photo of Steve Roosa (US)By Marcus Evans (UK), Lara White (UK) and Steve Roosa (US) on Posted in Cybersecurity, Fintech
In December 2022, OpenAI released ChatGPT, a powerful AI-powered chatbot that could handle users’ questions and requests for information or content in a convincing and confident manner. The number of users signing up to use the tool increased very rapidly, with users using the tool to write letters, edit text, generate lists, prepare presentations and … Continue reading

Building Cyber Resiliency In the Energy Sector

Photo of Imran Ahmad (CA)Photo of John Cassell (CA)By Imran Ahmad (CA) and John Cassell (CA) on Posted in Cybersecurity, Data Protection
For the energy sector, cybersecurity has been a top-of-mind issue for some time. This is particularly true given some of the high-profile cyber-attacks seen in recent years that have grabbed not only media headlines but also resulted in operational disruption, financial losses and legal exposure. The challenge with cybersecurity is attacker tactics are constantly evolving … Continue reading

Practical steps for businesses to comply with Bill C-27: part 2

Photo of Imran Ahmad (CA)Photo of Shreya GuptaPhoto of Jeremie Wyatt (CA)By Imran Ahmad (CA), Shreya Gupta and Jeremie Wyatt (CA) on Posted in Cybersecurity, Data Protection, Data Transfer, Intellectual Property, Privacy law
In our previous update, we summarized key operational elements that businesses should be aware of under the proposed Consumer Privacy Protection Act (CPPA), and provided practical tips to help businesses comply with these new requirements. As currently drafted, the CPPA codifies a number of best practices and recommendations issued by the Office of the Privacy Commissioner of Canada … Continue reading

Hong Kong: Data Security Measures Guidance published by the PCPD

Photo of Anna GamvrosPhoto of Edward Yau (HK)By Anna Gamvros and Edward Yau (HK) on Posted in Cybersecurity
As data breaches and cyber attacks continue to surge and attackers become more sophisticated, organisations are well aware that the need for robust data security measures is becoming increasingly important. In Hong Kong, the Office of the Privacy Commissioner for Personal Data (the PCPD) recently published a Guidance Note on Data Security Measures for Information … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)

Photo of Imran Ahmad (CA)By Imran Ahmad (CA) and Admin on Posted in Cybersecurity, Data Protection, Privacy law
Across the globe, the race is already underway among vehicle manufacturers to develop fully autonomous vehicles (AVs). AVs currently under development make sense of their surroundings and control vehicle operation through data gathered about the outside world.  Like other connected vehicles, AVs can also collect and use specific personal information about a driver (e.g., through … Continue reading

Bring-Your-Own-Device Programs: A Balance Between Privacy and Cybersecurity

Photo of Marisa KwanPhoto of Joseph Cohen-LyonsPhoto of Curtis ArmstrongBy Marisa Kwan, Joseph Cohen-Lyons, Curtis Armstrong and Admin on Posted in Cybersecurity, Privacy law
A ”bring your own device” (BYOD) program is a popular arrangement used by employers, whereby employees use their personal devices (e.g., smartphones, laptops, or tablets) for both personal and business purposes. Last year, about two-thirds of Canadian private sector employers had at least one employee using personal devices for business-related activities.[1] While the BYOD approach … Continue reading

Ontario Court of Appeal Limits Application of Tort of Intrusion Upon Seclusion for Cyberattacks

Photo of Travis WalkerPhoto of Imran Ahmad (CA)By Travis Walker and Imran Ahmad (CA) on Posted in Cybersecurity, Data breach, Data Protection, Privacy law
Data Protection Report - Norton Rose FulbrightIn three recent cases, the Court of Appeal for Ontario effectively curtailed the ability of privacy breach victims to advance claims under the tort of intrusion upon seclusion against organizations for failing to prevent unauthorized access to personal information by third parties. However, while these cases should provide some reassurance that a cyberattack may not … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: Liability in Motor Vehicle Accidents (Part 3)

Photo of Suzie Suliman (CA)Photo of Imran Ahmad (CA)By Suzie Suliman (CA) and Imran Ahmad (CA) on Posted in Cybersecurity, Data Protection
As autonomous vehicle (AV) technology continues to grow in functionality and sophistication, it is only a matter of time before AVs become commercially available across Canada. The arrival of autonomous vehicles in Canada will raise a number of liability-related questions that touch on the areas of owner liability, product liability, and auto insurance. In this … Continue reading

Rare recovery in a complex ransomware case: Major NetWalker arrest leads to significant asset seizure

Photo of Andrew McCoombBy Andrew McCoomb on Posted in Cybercrime, Cybersecurity, Data breach, Data Protection, Ransomware
Data Protection Report - Norton Rose FulbrightNorton Rose Fulbright Canada’s cyber litigation team recently obtained an order in favour of an insurer, granting it relief from forfeiture in respect of more than 11 bitcoins from the assets seized from a prolific ransomware gang.[1] This case was the first of its kind and confirms an insurer’s ability to seek recovery for losses … Continue reading

Autonomous Vehicles – Canada’s Current Legal Framework: Cybersecurity Considerations (Part 2)

Photo of Imran Ahmad (CA)By Imran Ahmad (CA) and Admin on Posted in Cybersecurity, Data Protection
Norton Rose Fulbright - Data Protection Report blogThe emergence of autonomous vehicles (AVs) in Canada will present a number of cybersecurity challenges and risks.  AV manufacturers will need to consider these risks and address them early in the design and development process of their products. In this post, we discuss some of the key cybersecurity risks associated with AVs, strategies to mitigate … Continue reading

NYDFS proposes significant cybersecurity regulation amendments

Photo of Dan Pepper (US)Photo of Susan Ross (US)By Dan Pepper (US) and Susan Ross (US) on Posted in Cybersecurity
On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period.  NYDFS had issued a “pre-proposed” version of the changes in July of this year, which we had summarized here.  NYDFS retained many of those earlier proposed changes, and made … Continue reading

Contracting for Cybersecurity Risks: Mitigating Weak Links

Photo of Tiana Corovic (CA)By Tiana Corovic (CA) and Admin on Posted in Cybersecurity, Data breach, Data Protection
Data Protection Report - Norton Rose FulbrightManaging vendor risks includes putting pen to paper. Organizations are increasingly susceptible to risks outside their controlled IT infrastructure as they engage third-party vendors to manage online platforms and process data. Even though an organization may have little to no control over a vendor’s security practices, it bears the ultimate responsibility for safeguarding its own … Continue reading

CISA Releases New Infrastructure Cybersecurity Goals for Critical Infrastructure

Photo of Dan Pepper (US)By Dan Pepper (US) on Posted in Cybersecurity
On October 27, 2022, the Cybersecurity & Infrastructure Security Agency (“CISA”), in partnership with the National Institute of Standards and Technology (“NIST”) and the interagency community, published the first iteration of its cross-sector Cybersecurity Performance Goals (“CPGs”). Drafted in response to President Joe Biden’s July 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure … Continue reading
LexBlog