Topic: General

Subscribe to General RSS feed

New York Event: Shark Tank – Cybersecurity in the Boardroom

UK NIS Regulations impose new cybersecurity obligations (and a new penalties regime) on operators of essential services and digital service providers in the UK | Norton Rose Fulbright

How to pitch, explain, defend and collaborate on cybersecurity

The board demands answers on cybersecurity. We discuss how executives can effectively respond to and collaborate with the board.

Boards have now recognized that their companies, and board members themselves, face operational, financial, legal, and reputational consequences if they fail to address cybersecurity risk. Now, boards are asking company executives to explain the company’s current state of readiness and a plan of action – presenting both a challenge and an opportunity.

Join us on July 11 in New York for an engaging discussion on how to meet the challenge of explaining … Continue Reading

Houston Event: Cybersecurity, Enterprise Risk and the Boardroom

Data Protection Report - Norton Rose Fulbright

What could a hacking event mean for directors and officers?

Significant cybersecurity incidents are intensifying and evolving. What are director and officer (D&O) duties to prevent, prepare for and respond to data breaches?

Directors and officers are facing a sophisticated, organized, and motivated adversary in cyber attackers, who are untethered by law, ethics, or fear of capture, and who are supported by a “dark web” of economic infrastructure. Gone are the days where boards of directors only had to mind what competition was doing to their operations. In the wake of these cyber incidents, the role of the C-suite and … Continue Reading

White House Issues Cybersecurity Order

Data Protection Report - Norton Rose Fulbright

On May 11th, 2017, the White House released an executive order on strengthening the cybersecurity of federal networks and critical infrastructure (the “Order”).  The Order marks the administration’s first successful effort to address cybersecurity, after an earlier draft executive order on cybersecurity was postponed in January.

The Order is divided into three substantive sections covering the cybersecurity of federal networks, the cybersecurity of critical infrastructure, and cybersecurity for the nation.… Continue Reading

Norton Rose Fulbright Nominated for Cyber Law Firm of the Year

Data Protection Report - Norton Rose Fulbright

The 2017 Advisen Cyber Risk Awards nominees have been announced, and Norton Rose Fulbright is shortlisted for Cyber Law Firm of the Year.  Ballots are now open, and you can show your support for Norton Rose Fulbright by casting your vote before Friday, May 19 at 11:59 pm ET.

Each year, Advisen recognizes the most influential and innovative leaders in the cyber risk profession, including service providers, broking teams, insurers and reinsurers.  This is the first year that Advisen has recognized an awards category for Law Firm of the Year, and we are honored to be included as a … Continue Reading

New York Event: Cybersecurity Developments in Asia

Data Protection Report - Norton Rose Fulbright

The past year has seen data breaches in the headlines for Asia-based companies and the continued strengthening of privacy and security laws in this region. Please join us for a panel discussion at our New York office on Friday, April 21, 2017, regarding cybersecurity developments in Asia, including China’s new cybersecurity law that comes into effect in June.

This presentation will focus on:

  • The overall privacy and cybersecurity landscape in Asia
  • Recent developments in laws, focusing on China, Hong Kong, and Singapore
  • Navigating the legal landscape and building trust

Speakers:

  • Stella Cramer, Co-head of Asia Technology & Innovation, Singapore
Continue Reading

Singapore legal update: Firm warned for WhatsApp personal data disclosure

Singapore’s Personal Data Protection Commission has on 21 March 2017 issued a warning to a local firm for disclosing a former employee’s personal information in a company WhatsApp group.

A director at the firm, Executive Coach International, had shared highly sensitive information about the former employee with 58 members of a chat group comprising staff and volunteers. The firm provides life and executive coaching services to individuals and corporate clients.

The case is the first in Singapore to find that sharing personal data via a private, members-only instant messaging group is still a breach of the Personal Data Protection Act … Continue Reading

IAPP San Francisco KnowledgeNet Event – Privacy Developments in Asia

Data Protection Report - Norton Rose Fulbright

Please join us for a panel discussion as we host the upcoming IAPP San Francisco Bay Area KnowledgeNet Chapter meeting on April 27, 2017. This presentation will focus on the new China Cybersecurity Law, the latest developments with Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR), and privacy laws in Asia.

Panelists:

  • Anna Gamvros, CIPP/A, CIPT, FIP, Partner and Asia Technology and Innovation Practice Co-Head, Hong Kong, Norton Rose Fulbright
  • Barbara Li, Partner, Beijing, Norton Rose Fulbright
  • Hilary Wandall, CIPP/E, CIPP/US, CIPM, General Counsel and Chief Data Governance Officer, TRUSTe

Date and time:

  • Thursday, April 27, 2017
Continue Reading

Singapore cybersecurity – new amendments introduce four key changes

Singapore’s Ministry of Home Affairs has announced amendments to the Republic’s cybersecurity laws, i.e. the Computer Misuse and Cybersecurity Act (CMCA), after a series of high-profile cyberattacks in recent years.

The Computer Misuse and Cybersecurity Amendment Bill (the Bill), which will be discussed when Parliament sits on 3 April 2017, introduces four key changes to the CMCA:

  1. Making it an offence to obtain, retain or supply personal information obtained through cybercrime
  2. Making it an offence to obtain items which can be used to commit cybercrimes
  3. Targeting cybercrimes committed overseas, against overseas computers, which create a significant risk of serious harm
Continue Reading

Event: Cybersecurity Updates in the Financial Services Sector – April 6, 2017

Data Protection Report - Norton Rose Fulbright

Please join us for a 40-minute briefing on the latest developments in cybersecurity and what the financial services sector needs to know in order to comply.

There are new regulatory initiatives at the international, US national and US state levels. With the consistent threat of security breach, financial institutions need to be aware of the latest developments in order to remain compliant and avoid becoming yet another victim of cyber hackers.

Topics will include:

  • International Standard
  • Cyber initiatives by the Trump Administration
  • CFTC Rules on Cybersecurity Testing and Systems Safeguards Risk Analysis
  • The New York State DFS Cybersecurity Regulations and
Continue Reading

IAPP Web Conference – The New Chinese Cybersecurity Law

Barbara Li, a partner in Norton Rose Fulbright’s Beijing office, recently spoke on an International Association of Privacy Professionals (IAPP) Recorded Web Conference discussing legal updates surrounding the cybersecurity law passed in November 2016 that imposes new cybersecurity data governance requirements on companies doing business in and with China.

The law encompasses both “network operators,” defined essentially as anyone owning or operating a computer system network, as well as “suppliers of network products and services.” The law will become effective June 1, 2017. (We have previously posted about the new law.)

The web conference includes information on:

  • the intent
Continue Reading

New York’s financial sector cybersecurity rules take effect

Data Protection Report - Norton Rose Fulbright

On March 1, 2017, a comprehensive set of new cybersecurity rules adopted by the New York Department of Financial Services (DFS) took effect.  The rules require banks, insurers and other entities regulated by DFS to implement a number of specific cybersecurity controls to protect not only personal information but any business information that would cause a data leak or hack to have a material adverse impact on the entity.

Below is a summary of the principal requirements, deadlines and exemptions under the rules, followed by our thoughts on implications for covered entities.

By August 28, 2017

  • Maintain a cybersecurity program
Continue Reading

IAPP New York KnowledgeNet Event – GDPR Deep Dive

Data Protection Report - Norton Rose Fulbright

Please join us as we host the upcoming New York IAPP KnowledgeNet Chapter meeting. A panel of industry legal and operational leaders will discuss the Article 29 Working Party’s guidance on the requirements of Data Protection Officers and Data Portability under the new EU General Data Protection Regulation (GDPR) and describe how best to prepare GDPR’s other enhanced individual rights.

Panelists:

  • Orrie Dinstein, CIPP/US, Chief Privacy Officer, Marsh & McLennan Companies
  • Boris Segalis, CIPP/US, Co-Chair, Data Protection, Privacy & Cybersecurity, Norton Rose Fulbright US LLP
  • Kelly Symons, CIPM, SVP, Information Governance, MasterCard

Date and time:

  • Monday, March 20, 2017
  • 5:30
Continue Reading

China data privacy: New guidance to strengthen protection of personal data

China’s guidance on privacy of personal data is set to change in the near future, following the publication of a draft guideline in late 2016. Though a date has not yet been set for the guideline to be finalised, companies should take the opportunity to assess whether they will need to make changes to their systems and processes to bring them in line with the guidance as currently set out.

The draft guideline document, “Information Security Technology – Personal Data Security Specification” (“Guideline”), issued by the National Information Security Standardisation Technical Committee, is the most comprehensive statement on the protection … Continue Reading

EU Data Package Highlights Connections between Data Protection and the Digital Single Market

Data Protection Report - Norton Rose Fulbright

On January 10, 2017, the EU Commission published a package of documents on the EU’s data economy strategy, including e-privacy, data protection and the “European Data Economy.” The Commission documents,  published in the context of the Commission’s digital single market (“DSM”) initiative announced in May 2015, illustrate again the strong links between the EU’s digital regulatory strategy, data protection, intellectual property and antitrust policy, notably including the Commission’s preliminary report on its sector inquiry on e-commerce, also launched in May 2015.… Continue Reading

Recent Developments from Our Sister Blogs

Data protection and privacy issues frequently intersect with other areas of the law. In addition to the Data Protection Report, Norton Rose Fulbright publishes other blogs covering important legal developments across the globe. These blogs sometimes touch on issues that may be of interest to our readers. As a service to our readers, we highlight some recent posts from our sister blogs:

Continue Reading

The Intersection of Trademark Law and Cybersecurity

Data Protection Report - digital privacy, CCPA and cybersecurity

Earlier this week, our colleague Sue Ross wrote on the intersection of trademark law and cybersecurity on Norton Rose Fulbright’s Brand Protection Blog. The post explains that by protecting its brand, a company can help to improve cybersecurity. For example, by seeking to recover “squatted” domain names and complaining to social networks about trademark infringement, a company can help to ensure that consumers are interacting with the intended party. As “squatted” domains and accounts are sometimes used to spread malware and collect sensitive information from emails sent to mistyped domain names, a company can help to improve cybersecurity and … Continue Reading

EU Network & Information Security Directive Expected to Become Effective in August 2016

Data Protection Report - Norton Rose Fulbright

The EU Network & Information Security Directive (NISD) (also known as the “Cyber Security Directive”) got one step closer to adoption today when, on May 17, 2016, the EU Council confirmed at first reading the agreement reached with the European Parliament in December 2015. To be enacted, the text must be approved by the European Parliament at second reading. A press release from the European Council states that the NISD is expected to enter into force in August 2016.

The NISD establishes minimum obligations for all Member States on the prevention of, handling of, and response to, risks … Continue Reading

Big data: French and German authorities explore antitrust issues

Data Protection Report - Norton Rose Fulbright

On May 10, 2016, the French and German antitrust authorities published a joint study on competition law and the collection and use of data, particularly so-called big data (the Big Data Study). Data protection as such is outside the scope of EU competition laws, but antitrust authorities have considered the significance of data on a number of occasions, often in the context of merger reviews such as the EU Commission’s Facebook/WhatsApp case.… Continue Reading

IAPP Profiles Norton Rose Fulbright Attorney

Data Protection Report - Norton Rose Fulbright

The International Association of Privacy Professionals (IAPP) recently profiled our colleague Nerushka Deosaran, a technology and privacy lawyer at Norton Rose Fulbright’s Johannesburg office.  Read more in the “volunteer spotlight” feature in the latest edition of The Privacy Advisor.

Nerushka was also appointed co-chair of the IAPP’s Johannesburg KnowledgeNet in January 2016.  The Johannesburg KnowledgeNet hosted its first event #HackPrivacy on March 17, 2016, bringing together local privacy pros to dissect topics such as Privacy-By-Design, IoT and resilience in privacy.… Continue Reading

Norton Rose Fulbright discusses recent opinion on Privacy Shield

Norton Rose Fulbright - Data Protection

The Article 29 Working Party released an opinion yesterday stating that it would not endorse the EU-US Privacy Shield. Norton Rose Fulbright partners Boris Segalis and Marcus Evans spoke with Law360 to discuss how the opinion will affect private companies. Read the full article and discussion here.

For more information on the effects of the Article 29 Working Party’s opinion, we invite you to attend our free webinar on Thursday, April 21.… Continue Reading

European Union-United States Privacy Shield – A Comprehensive Overview: Webinar

Data Protection Report - Norton Rose Fulbright

Data privacy partners at Norton Rose Fulbright invite you to join them on Thursday, April 21 for a discussion on the EU-US Privacy Shield and the impact of the Article 29 Working Party’s formal opinion on the adequacy of the Privacy Shield. The WP29’s formal opinion is expected on April 12th or April 13th.

The discussion will be led by Boris Segalis, co-chair of Norton Rose Fulbright’s Data Protection, Privacy and Cybersecurity practice in the US, Marcus Evans, data privacy partner in Norton Rose Fulbright’s London office and Jay Modrall, anti-trust and competition partner in Norton Rose Fulbright’s … Continue Reading

Norton Rose Fulbright Adds Data Privacy Partner in Hong Kong

Norton Rose Fulbright is pleased to announce that Anna Gamvros, a leading lawyer in outsourcing, privacy and data protection, has joined as partner in Hong Kong.

Gamvros has more than 14 years’ experience working as a technology and privacy lawyer in Hong Kong and joins from Baker & McKenzie where she has been a partner since 2012. Gamvros has significant experience in IT contracts and outsourcing, privacy and data protection, telecommunications and internet regulatory issues. She is co-author to Internet Law in Hong Kong published by Sweet & Maxwell and is recognised in the Legal 500 and Chambers Asia as … Continue Reading

EU Article 29 Working Party prepares for General Data Protection Regulation and responsibilities as European Data Protection Board

Data Protection Report - Norton Rose Fulbright

On February 11, 2016, the Article 29 Working Party (WP29) issued a statement setting out its 2016 action plan for implementation of the General Data Protection Regulation (GDPR) and its work programme for 2016-2018. WP29 will have 8 working groups leading the implementation of the 2016-2018 work programme.

The statement highlights the following points:

  • WP29 will develop guidelines, tools and procedures for the GDPR framework to be effective for the first semester of 2018.
  • The GDPR will have a distributed governance model with three key pillars (i) “a higher role” for national data protection authorities (
Continue Reading
LexBlog