Topic: General

Subscribe to General RSS feed

One-Month Countdown to Pass CCPA Amendments Begins

Jeewon Kim Serrato (US)Susan Ross (US)By Jeewon Kim Serrato (US) and Susan Ross (US) on Posted in Compliance and risk management, Enforcement, General
Data Protection Report - Norton Rose FulbrightOn August 12, the California legislature returns after its summer recess. Starting with the Senate Appropriations Committee Hearing today, the legislature will now have approximately a month to continue the markups and send California Consumer Privacy Act (CCPA) amendments to the Governor’s desk for signature before the September 13 deadline.  As previously reported, any amendment … Continue reading

U.S. CLOUD Act and International Privacy

Marcus Evans (UK)David Kessler (US)Jim Lennon (AU)Susan Ross (US)By Marcus Evans (UK), David Kessler (US), Jim Lennon (AU) and Susan Ross (US) on Posted in Compliance and risk management, Enforcement, General
Norton Rose Fulbright - Data Protection Report blogThe U.S. Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”) is apparently the Goldilocks of the privacy world, according to recent statements issued by two international jurisdictions. The CLOUD Act’s requirements are “too hard” for Australian law, according to the Law Council of Australia, but the privacy protections are “too soft” for the European … Continue reading

Back At The Negotiating Table: CCPA Amendments Debate Continues

David Kessler (US)Jeewon Kim Serrato (US)Susan Ross (US)Anna Rudawski (US)By David Kessler (US), Jeewon Kim Serrato (US), Susan Ross (US) and Anna Rudawski (US) on Posted in Compliance and risk management, Enforcement, General
UK NIS Regulations impose new cybersecurity obligations (and a new penalties regime) on operators of essential services and digital service providers in the UK | Norton Rose FulbrightIn a 12-hour marathon hearing, the California Senate Judiciary Committee on July 9, 2019, debated, struck down, scaled back and put back on the negotiating table key amendments to the California Consumer Privacy Act (“CCPA”). Read below to find out what happened to the much-anticipated “employee exception” bill, “customer loyalty program” bill, and the bill … Continue reading

“What’s cooking” in Sacramento: CCPA’s “employee exception” bill is amended; “publicly available information” exception is broadened, and consumer access rights are clarified

Jeewon Kim Serrato (US)Susan Ross (US)By Jeewon Kim Serrato (US) and Susan Ross (US) on Posted in Compliance and risk management, General
UK NIS Regulations impose new cybersecurity obligations (and a new penalties regime) on operators of essential services and digital service providers in the UK | Norton Rose FulbrightThis is the Data Protection Report’s eleventh blog post in a series of CCPA blog posts. Stay tuned for additional posts on the CCPA. As America prepares for the Fourth of July holiday weekend, the California legislature continues to work on amending the California Consumer Privacy Act (“CCPA”), as it races to get modifications passed … Continue reading

Nevada, New York and other states follow California’s CCPA

Jeewon Kim Serrato (US)Susan Ross (US)By Jeewon Kim Serrato (US) and Susan Ross (US) on Posted in Compliance and risk management, Enforcement, General, Regulatory response
The US privacy law landscape continues to shift and evolve as state and federal privacy legislative proposals continue to be debated and become enacted. While CCPA-like bills in Washington and Texas failed to pass, Nevada passed its online privacy amendment and proposals in New York and Washington, DC appear to be gaining momentum.… Continue reading

German antitrust authority prohibits Facebook from combining users’ personal data

Christoph Ritzer (DE)Maxim Kleine (DE)Natalia Filkina (DE)By Christoph Ritzer (DE), Maxim Kleine (DE) and Natalia Filkina (DE) on Posted in General
Data Protection Report - Norton Rose FulbrightOn 7 February 2019, the German antitrust authority (Bundeskartellamt, the FCO) ruled against Facebook combining user personal data from different sources, saying it was exploiting its position as a dominant social media company in violation of the EU data protection laws. The FCO said that Facebook abused its market dominance in: collecting, merging and using … Continue reading

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Kathleen Scott (US)Susan Ross (US)Tristan Coughlin* (US)By Kathleen Scott (US), Susan Ross (US) and Tristan Coughlin* (US) on Posted in Compliance and risk management, Cybersecurity, Enforcement, Fintech, General, Vendor management and transactions
Data Protection Report - Norton Rose FulbrightThe two-year transitional period under the New York State Department of Financial Services (“DFS”) Cybersecurity Regulation, 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Entities covered by the Regulation that utilize third party service providers, which include not only banks and insurers, but also other … Continue reading

Pennsylvania Supreme Court holds common law duty for employers extends to protecting sensitive employee information

Andrea D'Ambra (US)Max Kellogg (US)By Andrea D'Ambra (US) and Max Kellogg (US) on Posted in Compliance and risk management, Data breach, General, Regulatory response
Data Protection Report - Norton Rose FulbrightOn November 21, 2018, the Pennsylvania Supreme Court broke new ground by holding that employers have a legal duty to take reasonable care to safeguard its employees’ sensitive personal information from cyberattacks. … Continue reading

Browsewrap agreements: Are you covered?

Spencer Persson (US)By Spencer Persson (US) on Posted in Dispute resolution and litigation, General
Norton Rose Fulbright - Data Protection Report blogIn a recent decision, a California federal court held that an arbitration provision contained in Viacom, Inc.’s browsewrap agreement was unenforceable and denied Viacom’s request to stay the case pending arbitration.[1] The court’s decision in Rushing v. Viacom, Inc. is consistent with “courts’ traditional reluctance to enforce browsewrap agreements against individual consumers.”[2]… Continue reading

CCPA extends “right to deletion” to California residents

David Kessler (US)Anna Rudawski (US)By David Kessler (US) and Anna Rudawski (US) on Posted in Compliance and risk management, General
Data Protection Report - Norton Rose FulbrightThis is the Data Protection Report’s fifth post in a series of CCPA blog posts that will break down the major elements of the CCPA, which will culminate in a webinar on the CCPA in October. This blog focuses on covered entities. Stay tuned for additional blogs and information about our upcoming webinar on the … Continue reading

California Consumer Privacy Act: Disclosure requirements

Chris Cwalina (US)Jeewon Kim Serrato (US)Steve Roosa (US)Tristan Coughlin* (US)By Chris Cwalina (US), Jeewon Kim Serrato (US), Steve Roosa (US) and Tristan Coughlin* (US) on Posted in General
Data Protection Report - Norton Rose FulbrightThis is the Data Protection Report’s fourth blog posts in a series of CCPA blog posts that will break down the major elements of the CCPA, which will culminate in a webinar on the CCPA in October. Stay tuned for additional blogs and information about our upcoming webinar on the CCPA. The California Consumer Privacy … Continue reading

Singapore’s new Cybersecurity Act comes into force: Here’s what you need to know

Stella Cramer (SG)Wilson Ang (SG)David Olds (SG)Jessica Paulin (SG)Jeremy Lua (SG)By Stella Cramer (SG), Wilson Ang (SG), David Olds (SG), Jessica Paulin (SG) and Jeremy Lua (SG) on Posted in General
The much discussed Cybersecurity Act 2018 (Act. 9 of 2018) (the Act), which was passed by the Singapore Parliament on 5 February 2018, came into force on 31 August 2018 [1]. The new law creates a regulatory framework for the monitoring and reporting of cybersecurity threats to essential services in Singapore through the appointment of the … Continue reading

California Consumer Privacy Act: GDPR-like definition of personal information

Chris Cwalina (US)Jeewon Kim Serrato (US)Steve Roosa (US)Tristan Coughlin* (US)By Chris Cwalina (US), Jeewon Kim Serrato (US), Steve Roosa (US) and Tristan Coughlin* (US) on Posted in General
Data Protection Report - Norton Rose FulbrightThis is the Data Protection Report’s third blog post in a series of CCPA blog posts that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. This blog focuses on the CCPA’s broad definition of Personal Information. Stay tuned for additional blogs and information … Continue reading

California Consumer Privacy Act blog series: Covered entities

Jeewon Kim Serrato (US)Steve Roosa (US)Alexis Wilpon (US)By Jeewon Kim Serrato (US), Steve Roosa (US) and Alexis Wilpon (US) on Posted in Compliance and risk management, General, Regulatory response
Data Protection Report - Norton Rose FulbrightThis is the Data Protection Report’s second post in a series of blog posts that will break down the major elements of the CCPA which will culminate in a webinar on the CCPA in October. This blog focuses on covered entities. Stay tuned for additional posts and information about our upcoming webinar on the CCPA.… Continue reading

Uber as a HIPAA business associate

Alexis Wilpon (US)By Alexis Wilpon (US) on Posted in General
Norton Rose Fulbright - Data Protection Report blogUber recently announced the launch of Uber Health, a non-emergency ride service that allows healthcare providers to schedule and pay for transportation for their patients. The stated purpose of the service is to expand medical transportation to traditionally underserved areas. Roughly 3.6 million Americans miss medical appointments each year due to lack of reliable transportation, contributing to the … Continue reading

New York Event: Shark Tank – Cybersecurity in the Boardroom

By on Posted in General
UK NIS Regulations impose new cybersecurity obligations (and a new penalties regime) on operators of essential services and digital service providers in the UK | Norton Rose FulbrightHow to pitch, explain, defend and collaborate on cybersecurity The board demands answers on cybersecurity. We discuss how executives can effectively respond to and collaborate with the board. Boards have now recognized that their companies, and board members themselves, face operational, financial, legal, and reputational consequences if they fail to address cybersecurity risk. Now, boards … Continue reading

Houston Event: Cybersecurity, Enterprise Risk and the Boardroom

By on Posted in General
Data Protection Report - Norton Rose FulbrightWhat could a hacking event mean for directors and officers? Significant cybersecurity incidents are intensifying and evolving. What are director and officer (D&O) duties to prevent, prepare for and respond to data breaches? Directors and officers are facing a sophisticated, organized, and motivated adversary in cyber attackers, who are untethered by law, ethics, or fear … Continue reading

White House Issues Cybersecurity Order

By on Posted in General, Regulatory response
Data Protection Report - Norton Rose FulbrightOn May 11th, 2017, the White House released an executive order on strengthening the cybersecurity of federal networks and critical infrastructure (the “Order”).  The Order marks the administration’s first successful effort to address cybersecurity, after an earlier draft executive order on cybersecurity was postponed in January. The Order is divided into three substantive sections covering … Continue reading

Norton Rose Fulbright Nominated for Cyber Law Firm of the Year

By on Posted in General
Data Protection Report - Norton Rose FulbrightThe 2017 Advisen Cyber Risk Awards nominees have been announced, and Norton Rose Fulbright is shortlisted for Cyber Law Firm of the Year.  Ballots are now open, and you can show your support for Norton Rose Fulbright by casting your vote before Friday, May 19 at 11:59 pm ET. Each year, Advisen recognizes the most … Continue reading

New York Event: Cybersecurity Developments in Asia

By on Posted in General
The past year has seen data breaches in the headlines for Asia-based companies and the continued strengthening of privacy and security laws in this region. Please join us for a panel discussion at our New York office on Friday, April 21, 2017, regarding cybersecurity developments in Asia, including China’s new cybersecurity law that comes into effect … Continue reading

Singapore legal update: Firm warned for WhatsApp personal data disclosure

Magdalene Lie (UK)By Magdalene Lie (UK) on Posted in Cybercrime, Data breach, General
Singapore’s Personal Data Protection Commission has on 21 March 2017 issued a warning to a local firm for disclosing a former employee’s personal information in a company WhatsApp group. A director at the firm, Executive Coach International, had shared highly sensitive information about the former employee with 58 members of a chat group comprising staff … Continue reading
LexBlog