Topic: Cybersecurity

Subscribe to Cybersecurity RSS feed

Flurry of activity in the Privacy Act review, including tougher penalties and new online privacy framework

Data Protection Report - Norton Rose FulbrightThis article was co-authored with India Bennett. After months of anticipation regarding the ongoing review of the Privacy Act 1988 (Cth), the Federal Government has galvanized the Australian privacy landscape with two significant developments. Firstly, the Government has released a discussion paper about the reform of the Privacy Act. The discussion paper considers stakeholder feedback on the issues paper released in October 2020 … Continue reading

Privacy legislation reform: Bill 64 has now been passed

Bill 64, which purports to modernise Québec’s privacy legislation, was recently passed. This sweeping reform of the province’s framework for processing personal information hinges on three main axes: increased obligations for enterprises that collect or otherwise process personal information, the creation of new rights for persons whose information is collected, and the imposition of far … Continue reading

Hong Kong: Bill to combat doxxing acts passed

Data Protection Report - Norton Rose FulbrightThe Personal Data (Privacy) (Amendment) Bill 2021 (the Bill) aimed at combatting doxxing in Hong Kong was passed on 29 September 2021. As discussed in our earlier post, the Bill amends the Personal Data (Privacy) Ordinance (PDPO) by: introducing offences to criminalize doxxing acts; empowering the Privacy Commissioner for Personal Data (the Commissioner) to conduct … Continue reading

US Senate considers mandating 24-hour reporting requirement for ransom payments

Norton Rose Fulbright - Data Protection Report blogOn September 28, 2021, the US Senate Homeland Security and Governmental Affairs Committee released a draft bill that would, among other things, require nearly all entities that make a ransom payment as the result of a ransomware attack against the entity to report the payment to the Director of the Cybersecurity and Infrastructure Security Agency … Continue reading

Connecticut tightens its data breach notification laws

Data Protection Report - Norton Rose FulbrightEffective October 1, 2021, an amendment[1] to the Connecticut General Statute concerning data privacy breaches, Section 36a-701b, will impact notification obligations in several significant ways. The amendment: Expands the definition of “personal information”; Shortens the notification deadline after discovery of a breach from 90 to 60 days; Removes the requirement to consult with law enforcement … Continue reading

OFAC Announces New Measures to Address Ransomware Attacks

Norton Rose Fulbright - Data Protection Report blogThe U.S. Department of Treasury, Office of Foreign Assets Control (“OFAC”) implemented additional measures today to combat the growing ransomware problem.  OFAC’s measures consist of: (1) the designation of the entire SUEX OTC, S.R.O. (“SUEX”) crypto-currency exchange (SUEX) to the SDN List; (2) designating a fairly large number (~25) additional digital currency addresses to the … Continue reading

Proposed “Cyber Incident Reporting for Critical Infrastructure Act of 2021”

On August 27, 2021, the U.S. House Homeland Security Committee released a draft bill that would, among other things, establish a Cyber Incident Review Office (CIR Office) within the Cybersecurity and Infrastructure Security Agency (CISA), which is part of the U.S. Department of Homeland Security (DHS), and require critical infrastructure owners and operators to report … Continue reading

PIPL: A game changer for companies in China

Data Protection Report - Norton Rose FulbrightChina passed its Personal Information Protection Law (PIPL) on 20 August 2021. This is China’s first omnibus data protection law, and will take effect from 1 November 2021 allowing companies just over two months to prepare themselves. The PIPL is a game changer for any company with data or business in China. It will add … Continue reading

China passes the Personal Information Protection Law

Data Protection Report - Norton Rose FulbrightChina passed its Personal Information Protection Law (PIPL) on 20 August 2021.  The new law will take effect from 1 November 2021 allowing companies just over 2 months to prepare themselves. The full text has not been made public yet. In addition, China published the Provisions on the Administration of Security of Automobile Data (For … Continue reading

“Am I a CII operator?” – New regulation in China provides more clarity

Data Protection Report - Norton Rose FulbrightChina’s Cyber Security Law (CSL), enacted in 2016, requires operators of critical information infrastructure (CII) to follow a number of enhanced security obligations, including storing within China all personal information and important data collected or generated during their operations in China. Given the more onerous obligation on CII operators, we are constantly asked the same … Continue reading

China’s evolving data laws: PIPL likely to be passed soon

Norton Rose Fulbright - Data Protection Report blogChina’s much anticipated Personal Information Protection Law (PIPL) is very likely to pass this month after the conclusion of the 30th meeting of the Standing Committee of the National People’s Congress, which is to be held in Beijing on 17-20 August. This follows the enactment earlier this year of the Data Security Law (DSL), which … Continue reading

Another One Bites the Dust: Court once again finds data breach forensic report isn’t protected by privilege

Norton Rose Fulbright - Data Protection Report blogOn July 22, 2021, a federal court in Pennsylvania held that an investigative report created by Kroll (the “Kroll Report”), the defendant’s third party cybersecurity consultant, and related communications were not protected by privilege. The court found that the Kroll Report was not protected by the work-product doctrine or attorney-client privilege. The decision comes after … Continue reading

President Biden’s Executive Order on improving the nation’s cybersecurity

innovation circuit boardOn May 12, 2021, President Biden issued an Executive Order aimed at improving cybersecurity of the federal government, with assistance from the private sector.  The 18-page Executive Order does not set forth specific requirements, but rather sets deadlines for named agencies to develop requirements, standards, or guidelines on specific cybersecurity areas.  The Executive Order also … Continue reading

New York State imposes a US$1.5 million penalty in cybersecurity breach case

Norton Rose Fulbright - Data Protection Report blogOn March 3, 2021, the New York Department of Financial Services (NYDFS) announced a Consent Order with a NYDFS-licensed Maine-based mortgage banker and loan servicer settling alleged violations of the NYDFS cybersecurity regulations. (In the matter of Residential Mortgage Services, Inc., March 3, 2021). The Consent Order required RMS to pay $1.5 million, and within … Continue reading

Privacy commissioners take position on using facial recognition technology

Investigative findings In a joint investigation report, the Privacy Commissioner of Canada, together with the commissioners of BC, Alberta, and Quebec concluded that Clearview AI violated Canadians’ privacy rights under federal and provincial privacy laws by scraping billons of images of people available online to be continually used in what amounted to a virtual “police … Continue reading

Incentivizing public utilities to enhance cybersecurity: FERC’s proposed regulation

Norton Rose Fulbright - Data Protection Report blogOn February 5, 2021, the Federal Energy Regulatory Commission (“FERC”) published proposed regulations in the Federal Register that would provide federal financial incentives to utilities that voluntarily increase certain cybersecurity measures above those required by the Critical Infrastructure Protection Reliability Standards (“CIP Reliability Standards”) or by the NIST, Framework for Improving Critical Infrastructure Cybersecurity (“NIST … Continue reading

Post-Brexit Personal Data Breach Reporting – An End to the ICO’s Role as One-Stop-Shop Lead Supervisory Authority

Data Protection Report - Norton Rose FulbrightThe end of the Brexit implementation period on 31 December 2020 has brought with it significant changes to the data protection landscape for UK-based businesses. Amid headlines about data transfer issues and a potential adequacy decision for the UK in the coming months, businesses also need to be aware of significant changes to the way … Continue reading

Hong Kong introduces a contact tracing app

Norton Rose Fulbright - Data Protection Report blogAs countries around the globe continue to battle the COVID-19 pandemic, contact tracing apps continue to evolve and be developed. On November 16, 2020, the Hong Kong government is launching a voluntary contact tracing app. The app, known as LeaveHomeSafe, will enable users to record the date and time they visited participating venues by scanning … Continue reading

NT Analyzer Webinar: Solving Apple’s new app privacy requirement

Solving Apple's New App Privacy RequirementPlease join us for an NT Analyzer Webinar, Solving Apple’s new app privacy requirement. Head of NRF Digital Analytics and Technology Assessment Platform for the US Steven Roosa and Associate Dan Rosenzweig as they walk through the upcoming Apple requirements, and showcase the NT Analyzer Apple dashboard solution.… Continue reading
LexBlog