Topic: Cybersecurity

OPC reconsiders its approach to cross-border data transfers with the Equifax decision

Data Protection Report - Norton Rose Fulbright

In a significant recent decision, the Office of the Privacy Commissioner of Canada (OPC) altered the regulatory landscape when moving personal information between affiliated companies and across Canada’s border for data processing or storage purposes. Any organization governed by the federal Personal Information Protection and Electronic Documents Act (PIPEDA) will have to re-evaluate and likely … Continue reading

First multi-million Euro GDPR fine: Google LLC fined €50 million under GDPR for transparency and consent infringements in relation to use of personal data for personalized ads

By Marcus Evans (UK), Lara White (UK) and Cécile Auvieux (FR) on January 25, 2019 Posted in Compliance and risk management, Cybersecurity, Enforcement, Regulatory response

Norton Rose Fulbright - Data Protection Report blog

On January 21,2019 the French data protection authority (the CNIL) imposed a major fine on the U.S. Google entity, Google LLC. It follows two complaints filed as soon as the GDPR came into force by two consumer rights associations, None of Your Business and La Quadrature du Net. We focus here on four key aspects … Continue reading

Transition period under New York Cybersecurity Regulation ends March 1, 2019

By Kathleen Scott (US), Susan Ross (US) and Tristan Coughlin* (US) on January 7, 2019 Posted in Compliance and risk management, Cybersecurity, Enforcement, Fintech, General, Vendor management and transactions

The two-year transitional period under the New York State Department of Financial Services (“DFS”) Cybersecurity Regulation, 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Entities covered by the Regulation that utilize third party service providers, which include not only banks and insurers, but also other … Continue reading