Top practical tips on the preservation, collection and review of mobile data in investigations.

Remote working has accelerated the merger of work and private data, particularly on mobile phones and instant messaging services such as WhatsApp.

While employees are performing their jobs, mobile access may be putting their employers at risk – because work-related communications on unapproved platforms are frequently not preserved in accordance with regulatory requirements (where applicable), and are often inaccessible or overlooked in the event of an investigation or litigation.

We have outlined below practical tips for the preservation, collection and review of mobile data in an investigation.

General

  1. Know the expectations of relevant authorities regarding the preservation of mobile data.
Continue Reading

Proposed amendments to the Personal Data (Privacy) Ordinance to combat doxxing acts

The Hong Kong Government is proposing amendments to the Personal Data (Privacy) Ordinance (the “PDPO”) to combat doxxing acts. On 17 May 2021, the Constitutional and Mainland Affairs Bureau (the “CMAB”) published a discussion paper on the proposed amendments to the Personal Data (Privacy) Ordinance to combat doxxing acts (LC Paper No. CB(4)974/20-21(03)) (the “Paper”).

Doxxing is the act of publishing private or identifying information about an individual on the Internet, typically for malicious purposes, and has become more common in Hong Kong in recent years.

The Paper came more than a … Continue Reading

US NYDFS settles cybersecurity regulation matter for US$1.8M

Data Protection Report - Norton Rose Fulbright

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019.… Continue Reading

Final Revised SCCs expected as early as next week with Final Revised EDPB Recommendations to follow after 15 June

Data Protection Report - Norton Rose Fulbright

It was reported yesterday that publication of revised final EU Standard Contractual Clauses may be as soon as next week and that revised final EDPB Recommendations possibly following the EDPB’s next plenary meeting on 15 June.  This follows comments made by Ralf Sauer, EU Commission Deputy Head for International Data Flows, and Alexander Filip, Head of International Transfers at the Bavarian DPA at the DACH regional KnowldegeNet.

The initial draft documents can be found here. We will be providing updates on these documents and steps that exporters and importers should take once they are published in final form.… Continue Reading

President Biden’s Executive Order on improving the nation’s cybersecurity

innovation circuit board

On May 12, 2021, President Biden issued an Executive Order aimed at improving cybersecurity of the federal government, with assistance from the private sector.  The 18-page Executive Order does not set forth specific requirements, but rather sets deadlines for named agencies to develop requirements, standards, or guidelines on specific cybersecurity areas.  The Executive Order also states that “All Federal Information Systems should meet or exceed the standards and requirements for cybersecurity set forth in and issued pursuant to this order.”  Any company subject to either the Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS) contract requirements … Continue Reading

Google/Android announces privacy requirements

NT Analyzer | Google Announces App Privacy Requirements

Google announced that it will follow industry standards with respect to privacy obligations. All developers with apps on Google Play will be required to disclose the type of data collected and stored and how such data is used by Q2 of 2022. These are in addition to other elements, such as security practices, data deletion upon uninstallation of app, etc.

Violators, according to Google, will be required to fix identified violations; failure to do so could result in policy enforcement.

NT Analyzer is equipped to provide organizations with a solution to meet this requirement. Read more about these requirements and Continue Reading

DSAR – No copy of work emails required in Germany

German Federal Labour Court dismissed employee’s claim

On 27 April 2021, the German Federal Labour Court (Bundesarbeitsgericht, the Federal Court) held that employees cannot request their employer to provide them with copies of all (i) the employee’s entire email correspondence; and (ii) any emails mentioning the employee by name.

The Federal Court said that under applicable civil procedural rules the request was not specific enough – it was not possible precisely identify the emails such that any order could be enforced. The court chose to base its decision on civil proceedings laws, not on data protection law.… Continue Reading

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report - Norton Rose Fulbright

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. (NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020.… Continue Reading

LexBlog