Topic: Data Protection
Subscribe to Data Protection RSS feedOCR and FTC Issue a Joint Letter Suggesting Enforcement Actions May Be in the Pipeline
On July 20, 2023 HHS and the Federal Trade Commission (“FTC”) issued a joint letter to approximately 130 companies regarding their online data collection processes. The letter follows the much discussed December 1, 2022, Bulletin that expanded the kinds of websites and applications governed by HIPAA (you can read about our analysis of the bulletin … Continue reading
Deal-maker or deal-breaker: the legal ins and outs of using AI in M&A
Deals involving AI bring about specific and unique issues for consideration during the due diligence process. Understanding the specific challenges created by AI is important for companies to ensure that the AI technology holds genuine value and would not raise red flags during the course of a transaction. Some important advice for companies looking to … Continue reading
European Commission and ASEAN releases Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses
Posted in Data Protection, Data Transfer, PDPA, Privacy law
Introduction To enable international businesses to comply with cross-border personal data transfers and the relevant laws across the European Union (EU) and South-East Asia, on 24 May 2023 the European Commission and the Association of Southeast Asian Nations (ASEAN) published a Reference Guide to ASEAN Model Contractual Clauses (ASEAN MCCs) and EU Standard Contractual Clauses … Continue reading
Singapore contributes to the development of accessible AI testing and accountability methodology with the launch of the AI Verify Foundation and AI Verify Testing Tool
Posted in Data Protection, General
On 7 June 2023, at the ATxAISummit, Singapore launched the AI Verify Foundation, which aims to “harness the collective power and contributions of the global open source community” in order to develop the AI Verify testing tool for the responsible use of AI. In this short post, we discuss this development as well as the … Continue reading
New commitments in principle regarding UK to USA data transfer mechanism
Posted in Data ProtectionBuilding Cyber Resiliency In the Energy Sector
Posted in Cybersecurity, Data Protection
For the energy sector, cybersecurity has been a top-of-mind issue for some time. This is particularly true given some of the high-profile cyber-attacks seen in recent years that have grabbed not only media headlines but also resulted in operational disruption, financial losses and legal exposure. The challenge with cybersecurity is attacker tactics are constantly evolving … Continue reading
Validating State Privacy Law Opt-Out Signals
Posted in CCPA, Data Protection, Privacy lawUK AI White Paper
Posted in Data Protection, GeneralPractical steps for businesses to comply with Bill C-27: part 2
In our previous update, we summarized key operational elements that businesses should be aware of under the proposed Consumer Privacy Protection Act (CPPA), and provided practical tips to help businesses comply with these new requirements. As currently drafted, the CPPA codifies a number of best practices and recommendations issued by the Office of the Privacy Commissioner of Canada … Continue reading
Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)
Posted in Cybersecurity, Data Protection, Privacy law
Across the globe, the race is already underway among vehicle manufacturers to develop fully autonomous vehicles (AVs). AVs currently under development make sense of their surroundings and control vehicle operation through data gathered about the outside world. Like other connected vehicles, AVs can also collect and use specific personal information about a driver (e.g., through … Continue reading
Ontario Court of Appeal Limits Application of Tort of Intrusion Upon Seclusion for Cyberattacks
In three recent cases, the Court of Appeal for Ontario effectively curtailed the ability of privacy breach victims to advance claims under the tort of intrusion upon seclusion against organizations for failing to prevent unauthorized access to personal information by third parties. However, while these cases should provide some reassurance that a cyberattack may not … Continue reading
New guidance on direct marketing
Posted in Data Protection, Privacy lawA Look Back On Five Key Developments in Cybersecurity and Data Protection in Southeast Asia in 2022
Posted in Data ProtectionAutonomous Vehicles – Canada’s Current Legal Framework: Liability in Motor Vehicle Accidents (Part 3)
Posted in Cybersecurity, Data Protection
As autonomous vehicle (AV) technology continues to grow in functionality and sophistication, it is only a matter of time before AVs become commercially available across Canada. The arrival of autonomous vehicles in Canada will raise a number of liability-related questions that touch on the areas of owner liability, product liability, and auto insurance. In this … Continue reading
Draft European Commission EU-US Data Privacy Framework adequacy decision published
Posted in Data Protection, Privacy law
On 13 December, the European Commission launched the process to adopt an adequacy decision for the EU-US Data Privacy Framework (EU-US DPF). The draft decision – available here – addresses the concerns raised by the Court of Justice of the European Union (CJEU) in its Schrems II decision of July 2020. These concerns centred around … Continue reading
Rare recovery in a complex ransomware case: Major NetWalker arrest leads to significant asset seizure
Norton Rose Fulbright Canada’s cyber litigation team recently obtained an order in favour of an insurer, granting it relief from forfeiture in respect of more than 11 bitcoins from the assets seized from a prolific ransomware gang.[1] This case was the first of its kind and confirms an insurer’s ability to seek recovery for losses … Continue reading
New UK guidance on Transfer Risk Assessments
Posted in Data Protection, Data Transfer
On 17 November 2022, the Information Commissioner’s Office (ICO) published an update to its guidance on international transfers (Transfers Guidance). This included specific guidance about transfer risk assessments or TRAs and a tool for undertaking TRAs (the TRA Guidance and TRA Tool, respectively). In its blog post accompanying the updated Transfers Guidance, the ICO makes … Continue reading
The servant of two masters: ICO and OFCOM Joint Statement on Online Safety and Data Protection – coordination so service providers can comply with both
Posted in Data ProtectionAutonomous Vehicles – Canada’s Current Legal Framework: Cybersecurity Considerations (Part 2)
Posted in Cybersecurity, Data Protection
The emergence of autonomous vehicles (AVs) in Canada will present a number of cybersecurity challenges and risks. AV manufacturers will need to consider these risks and address them early in the design and development process of their products. In this post, we discuss some of the key cybersecurity risks associated with AVs, strategies to mitigate … Continue reading
Contracting for Cybersecurity Risks: Mitigating Weak Links
Posted in Cybersecurity, Data breach, Data Protection
Managing vendor risks includes putting pen to paper. Organizations are increasingly susceptible to risks outside their controlled IT infrastructure as they engage third-party vendors to manage online platforms and process data. Even though an organization may have little to no control over a vendor’s security practices, it bears the ultimate responsibility for safeguarding its own … Continue reading
Privacy and Cybersecurity Due Diligence Considerations in M&A Transactions
Privacy and cybersecurity practices of target companies are being increasingly scrutinized throughout the due diligence process in M&A transactions. Particularly, buyers want to understand the risk and value inherent in sellers’ data assets and sellers want to manage transactional and post-closing risks. In the course of their privacy and cybersecurity due diligence, buyers should consider … Continue reading
