UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

The Department for Culture, Media and Sport (DCMS) has finally published the UK government’s long-awaited response to the consultation on the future of the UK data protection regime. The government set out very high level principles for a Data Reform Bill in the Queen’s Speech in May. If legislation is to be passed in this … Continue reading

The aftermath of an incident – why keeping records of data breaches and privacy incidents matters

Data Protection Report - Norton Rose FulbrightAs privacy incidents and security breaches involving personal information become increasingly frequent, organizations are more and more aware of the importance of implementing a robust privacy program to mitigate the risks and impacts of such incidents. While this preparation is important, organizations must also consider the aftermath of a privacy incident. In this first blog … Continue reading

Points to note on the European Commission’s questions and answers on the Revised Standard Contractual Clauses (SCCs)

On May 25th 2022, the European Commission published a series of questions and answers on the SCCs to be used between controllers and processors within the European Economic Area (EEA), and the SCCs to be used for transfers to countries not considered adequate by the European Commission (Third Countries) (the Q&As). The text of the … Continue reading

EDPB publishes guidance on calculating GDPR fines

On 12 May 2022 EDPB adopted Guidelines on the calculation of administrative fines (the Guidelines).  The Guidelines supplement the Article 29 Working Party’s Guidelines on the application and setting of administrative fines (WP253) adopted in October 2017 and recommends that the two are read together.  Whereas the previous guidance set out general principles for when … Continue reading

Maybe This Time : Federal Government Proposes the American Data Privacy and Protection Act

On Friday, June 3, 2022, the Senate and House released a draft of the American Data Privacy and Protection Act, (ADPPA), a watershed privacy bill that would introduce a federal standard.  Currently, a hodgepodge of industry-specific and state laws make up the backbone of American privacy regulations and rights, so a national framework for privacy … Continue reading

FTC Signals Additional Scrutiny for Data Breaches

On May 20, 2022, the Federal Trade Commission (FTC) stated that failure to disclose a data breach may be a violation of Section 5 of the FTC Act.  Historically, the FTC has not been explicit about its notification expectations, but in blog post published by the FTC’s CTO and Division of Privacy and Identity Protection, … Continue reading

Was RI Advice a watershed for cybersecurity law in Australia or a damp squib?

Data Protection Report - Norton Rose FulbrightIn this article we distil critical lessons from the Federal Court’s recent decision in Australian Securities and Investments Commission v RI Advice Group Pty Ltd[1] and practical actions to be taken by Boards and executive management. Boards and organisations should assess their cybersecurity risk management activities in light of the decision and ask whether current … Continue reading

Federal Privacy Commissioner Published Guidance on What Is “Sensitive” Personal Information

Data Protection Report - Norton Rose FulbrightOn May 16, 2022, the Office of the Privacy Commissioner of Canada (the “OPC”) released an Interpretation Bulletin (the “Bulletin”) on what it considers to be “sensitive” personal information under the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). The Bulletin is  meant to act as a consolidated guide based on jurisprudence, regulatory findings, … Continue reading

Essential guidance for employers on COVID-19 measures at the workplace from 26 April 2022

As Singapore takes its next step towards living with COVID-19, the Ministry of Manpower (“MOM”), the Singapore National Employers Federation (SNEF) and the National Trades Union Congress (NTUC) (collectively, the “Tripartite Partners”) have issued a revised set of guidelines for employers on the COVID-19 measures to be implemented at the workplace applicable from 26 April … Continue reading

New PCI DSS v4.0 – Flexibility added

Cyber authorities sound the alarmOn March 31, 2022, the PCI Security Standards Council released the new version of the Payment Card Industry Data Security Standards (version 4.0), which represents an update almost four years in the making.  In addition to some clarifications and rearrangements, the new PCI DSS 4.0 includes 51 new requirements for all entities, and 13 new … Continue reading
LexBlog