Top practical tips on the preservation, collection and review of mobile data in investigations.

By Andrew Reeves (UK) and Claudia Culley on June 3, 2021 Posted in Compliance and risk management

Remote working has accelerated the merger of work and private data, particularly on mobile phones and instant messaging services such as WhatsApp.

While employees are performing their jobs, mobile access may be putting their employers at risk – because work-related communications on unapproved platforms are frequently not preserved in accordance with regulatory requirements (where applicable), and are often inaccessible or overlooked in the event of an investigation or litigation.

We have outlined below practical tips for the preservation, collection and review of mobile data in an investigation.

General

Know the expectations of relevant authorities regarding the preservation of mobile data.

Proposed amendments to the Personal Data (Privacy) Ordinance to combat doxxing acts

By Anna Gamvros (HK), Ruby Kwok (HK) and Edward Yau (HK) on June 3, 2021 Posted in Regulatory response

The Hong Kong Government is proposing amendments to the Personal Data (Privacy) Ordinance (the “PDPO”) to combat doxxing acts. On 17 May 2021, the Constitutional and Mainland Affairs Bureau (the “CMAB”) published a discussion paper on the proposed amendments to the Personal Data (Privacy) Ordinance to combat doxxing acts (LC Paper No. CB(4)974/20-21(03)) (the “Paper”).

Doxxing is the act of publishing private or identifying information about an individual on the Internet, typically for malicious purposes, and has become more common in Hong Kong in recent years.

The Paper came more than a … Continue Reading

How data privacy can affect consumer goods

By Steve Roosa (US) and Daniel Rosenzweig (US) on June 2, 2021 Posted in NT Analyzer Blog Series

Almost every website, mobile app, and IoT rely on third party code. But more often than not, this necessary reliance results in undetected data leakage, which can result in regulatory action, litigation, and/or bad PR.

Learn more on our NT Analyzer site.… Continue Reading

US NYDFS settles cybersecurity regulation matter for US$1.8M

By David Kessler (US), Susan Ross (US) and Patrick Burke (US) on June 2, 2021 Posted in Cybersecurity

Data Protection Report - Norton Rose Fulbright

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019.… Continue Reading

Final Revised SCCs expected as early as next week with Final Revised EDPB Recommendations to follow after 15 June

By Marcus Evans (UK) and Christoph Ritzer (DE) on May 21, 2021 Posted in Data Transfer

It was reported yesterday that publication of revised final EU Standard Contractual Clauses may be as soon as next week and that revised final EDPB Recommendations possibly following the EDPB’s next plenary meeting on 15 June. This follows comments made by Ralf Sauer, EU Commission Deputy Head for International Data Flows, and Alexander Filip, Head of International Transfers at the Bavarian DPA at the DACH regional KnowldegeNet.

The initial draft documents can be found here. We will be providing updates on these documents and steps that exporters and importers should take once they are published in final form.… Continue Reading

President Biden’s Executive Order on improving the nation’s cybersecurity

By Chris Cwalina (US), Will Daugherty (US) and Susan Ross (US) on May 19, 2021 Posted in Cybersecurity

On May 12, 2021, President Biden issued an Executive Order aimed at improving cybersecurity of the federal government, with assistance from the private sector. The 18-page Executive Order does not set forth specific requirements, but rather sets deadlines for named agencies to develop requirements, standards, or guidelines on specific cybersecurity areas. The Executive Order also states that “All Federal Information Systems should meet or exceed the standards and requirements for cybersecurity set forth in and issued pursuant to this order.” Any company subject to either the Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS) contract requirements … Continue Reading

Google/Android announces privacy requirements

By Daniel Rosenzweig (US) and Wenda Tang (US) on May 12, 2021 Posted in NT Analyzer Blog Series

NT Analyzer | Google Announces App Privacy Requirements

Google announced that it will follow industry standards with respect to privacy obligations. All developers with apps on Google Play will be required to disclose the type of data collected and stored and how such data is used by Q2 of 2022. These are in addition to other elements, such as security practices, data deletion upon uninstallation of app, etc.

Violators, according to Google, will be required to fix identified violations; failure to do so could result in policy enforcement.

NT Analyzer is equipped to provide organizations with a solution to meet this requirement. Read more about these requirements and … Continue Reading

DSAR – No copy of work emails required in Germany

By Christoph Ritzer (DE) and Natalia Filkina (DE) on April 30, 2021 Posted in Compliance and risk management

German Federal Labour Court dismissed employee’s claim

On 27 April 2021, the German Federal Labour Court (Bundesarbeitsgericht, the Federal Court) held that employees cannot request their employer to provide them with copies of all (i) the employee’s entire email correspondence; and (ii) any emails mentioning the employee by name.

The Federal Court said that under applicable civil procedural rules the request was not specific enough – it was not possible precisely identify the emails such that any order could be enforced. The court chose to base its decision on civil proceedings laws, not on data protection law.… Continue Reading

iOS 14.5 and ATT Framework is coming

By Steve Roosa (US) and Daniel Rosenzweig (US) on April 22, 2021 Posted in NT Analyzer Blog Series

ATT Framework is coming. Read more on NT Analyzer

On April 26, 2020, iOS/iPadOS/tvOS 14.5 and the enforcement of the AppTrackingTransparency (‘ATT’) go into effect.

Read more about this on Steve Roosa and Daniel Rosenzweig’s blog post on NT Analyzer.… Continue Reading

NYDFS settles cybersecurity regulation matter for $3 million

By David Kessler (US) and Susan Ross (US) on April 22, 2021 Posted in Cybersecurity, Data breach, Regulatory response

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. (NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020.… Continue Reading