“Heightened risk of cyber criminals exploiting COVID-19 fears”, NCSC warns

By Rahul Mansigani (UK) and Steven Hadwin (UK) on March 19, 2020 Posted in Cybersecurity

Data Protection Report - Norton Rose Fulbright

The National Cyber Security Centre (the NCSC) has warned that businesses and the public face an increased threat from attacks seeking to exploit COVID-19 (coronavirus), particularly given the move to home-working as a result of the COVID-19 outbreak.… Continue Reading

Thailand Personal Data Protection Law

By Tassanai Kiratisountorn, Pimchanok Eianleng, Anna Gamvros (HK) and Ruby Kwok (HK) on February 28, 2020 Posted in Regulatory response

Norton Rose Fulbright - Data Protection Report blog

Background

The Personal Data Protection Act B.E. 2562 (2019) (PDPA) was published on 27 May 2019 in Thailand’s Government Gazette and became effective the following day. However, most of the operational provisions, including provisions relating to the rights of a data subject, the obligations of a data controller and the penalties for non-compliance, will become effective on 27 May 2020, 1 year after the PDPA is published.

The PDPA is under the supervision of the Ministry of Digital Economy and Society and the main supervising authority of the PDPA is the Office of Data Protection Committee (Office… Continue Reading

Adventures in cyber litigation: Frozen crypto-assets and the role of cyber insurance

By Charlie Weston-Simons (UK), Rahul Mansigani (UK) and Steven Hadwin (UK) on February 27, 2020 Posted in Cybersecurity

A few weeks ago, we blogged about the decision of the English High court in AA v. Persons Unknown & Ors.

Given the level of interest in the case, we have prepared a deeper-dive into the facts and the implications of the decision, with a focus on the important role played in the case by cyber insurance. This is set out below.… Continue Reading

Personal data protection in the time of coronavirus (Covid-19)

By Barbara Li (CN) and Bohua Yao (CN) on February 25, 2020 Posted in Compliance and risk management

Outbreak of the coronavirus and personal data privacy

The fast-spreading coronavirus (Covid-19) has infected thousands of people in China and in over 20 other countries. This coronavirus outbreak, originating in Wuhan, a large city located in the central region of China, has been declared a Public Health Emergency of International Concern (PHEIC) by the World Health Organization.… Continue Reading

New privacy legislation could increase the burden for companies in Quebec

By Dominic Dupoy (CA) and Julie Himo (CA) on February 24, 2020 Posted in Compliance and risk management, Cybersecurity, Data breach

Quebec’s minister of justice announced her intention to introduce a bill aimed at modernizing the privacy regime provided by the Act respecting the protection of personal information in the private sector.… Continue Reading

Application by Privacy Commissioner To Shed Light on Judicial Enforcement of PIPEDA

By Jean-Simon Schoenholz on February 24, 2020 Posted in Compliance and risk management, Cybersecurity, Dispute resolution and litigation, Regulatory response

Recent legal action by the Office of the Privacy Commissioner of Canada (OPC) will shed light on the Federal Court’s willingness to enforce and monitor compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA). On February 6, the OPC filed a notice of application (the Application) in the Federal Court seeking a declaration that Facebook has contravened PIPEDA and various orders that would compel Facebook to bring itself into compliance. [1] Organizations governed by PIPEDA should keep a close eye on the Court’s inquiry as well as any eventual order enforcing compliance with the Act.… Continue Reading

The French data protection authority (CNIL) adopts a new standard on whistleblowing systems

By Nadège Martin (FR) and Geoffroy Coulouvrat (FR) on February 5, 2020 Posted in Compliance and risk management

At the end of 2019, following a public consultation, the CNIL adopted its much-anticipated “standard” on whistleblowing systems. The “standard” is essentially a reference document which serves as guidance for those implementing whistleblowing systems.… Continue Reading

Singapore Updates Its Model Artificial Intelligence Governance Framework

By Stella Cramer (SG), Wilson Ang (SG), Jessica Paulin (SG) and Jeremy Lua (SG) on February 4, 2020 Posted in General

On 21 January 2020 at a meeting at the World Economic Forum, the Personal Data Protection Commission (PDPC) and Infocommunications Media Development Authority (IMDA) released the second edition of its Model Artificial Intelligence (“AI”) Governance Framework (“Model Framework”).… Continue Reading

The CNIL releases draft practical guidance on cookies consent

By Nadège Martin (FR) and Cécile Auvieux (FR) on February 4, 2020 Posted in Compliance and risk management

The CNIL has published draft recommendations on how to obtain consent when placing cookies. This is following the publication of its revised “Guidelines on the implementation of cookies or similar tracking technologies” which was published in July 2019 (see our article here).

The objective of the recommendations is to provide stakeholders with practical guidance and illustrative examples. These recommendations are neither exhaustive nor binding and data controllers are free to consider other practical measures as long as they comply with the revised rules as provided by the CNIL in July 2019. The CNIL also provides a number of “good … Continue Reading

Data Privacy Day 2020 – Canadian Privacy Law Developments on the Horizon

By Julie Himo (CA), Alexis Kerr (CA), John Cassell (CA) and Ann Henderson (CA) on January 27, 2020 Posted in Cybersecurity, Data breach, General

Happy Data Privacy Day! Data Privacy Day represents a timely opportunity to highlight anticipated significant developments in Canadian privacy law in 2020 that we are monitoring following two major developments from the Government of Canada.… Continue Reading