Tag archives: cyber

Managing AI risks and legal implications, effective cybersecurity, ensuring privacy and the integrity of organizational records

Coloured lightsIn a world where generative AI is driving innovation and technology is outpacing legislation, there’s a lot for companies to consider to maintain operational effectiveness and minimize risk. To help provide some guidance, Norton Rose Fulbright Canada hosted its 2023 technology, privacy and cybersecurity virtual summit. Our leading lawyers were joined by prominent industry leaders … Continue reading

PART II: Legislative advances in the world of artificial intelligence, Canada

Motherboard curcuitOn October 5, the Minister of Innovation, Science and Industry (ISED) wrote a letter to the Standing Committee on Industry and Technology proposing amendments to Artificial Intelligence and Data Act (AIDA), which was introduced as part of Bill C-27 in June 2022. Further information on AIDA can be found in our previous update. The letter … Continue reading

Advances in artificial intelligence legislation in Canada (Part I)

Motherboard circuitOn September 27, the Minister of Innovation, Science and Industry released a voluntary code of conduct specific to generative AI. This GenAI code follows the proposed Artificial Intelligence and Data Act (AIDA), which was introduced as part of Bill C-27 in June 2022 but will not likely be in force until 2025. Beyond risk mitigation, … Continue reading

2023 Technology privacy and cybersecurity summit | 1 November 2023

Coloured lightsNorton Rose Fulbright Canada invites you to our annual technology, privacy and cybersecurity virtual summit. Navigating the evolving world of technology is not easy for companies today. From AI to effective company records management, privacy considerations, and cybersecurity breaches, there’s a lot to consider as businesses work to maximize operational effectiveness and minimize risk. Join … Continue reading

Proposed “Cyber Incident Reporting for Critical Infrastructure Act of 2021”

On August 27, 2021, the U.S. House Homeland Security Committee released a draft bill that would, among other things, establish a Cyber Incident Review Office (CIR Office) within the Cybersecurity and Infrastructure Security Agency (CISA), which is part of the U.S. Department of Homeland Security (DHS), and require critical infrastructure owners and operators to report … Continue reading

The CNIL publishes new guidelines on cookies and other similar technologies

Data Protection Report - digital privacy, CCPA and cybersecurityOn 4 July 2019, the CNIL published new guidelines on cookies and other similar technologies, repealing its 2013 cookie guidance in order to align its position with the GDPR’s new requirements on consent. These guidelines will be supplemented during the first quarter of 2020 by sectoral recommendations aimed at providing practical guidance to stakeholders on … Continue reading

ICO blog post on AI and solely automated decision-making

Data Protection Report - Norton Rose FulbrightThe ICO has published a blog post on the role of “meaningful” human reviews in AI systems to prevent them from being categorised as “solely automated decision-making” under Article 22 of the GDPR. That Article imposes strict conditions on making decisions with legal or similarly significant effects based on personal data where there is no … Continue reading

Pennsylvania Supreme Court holds common law duty for employers extends to protecting sensitive employee information

Data Protection Report - Norton Rose FulbrightOn November 21, 2018, the Pennsylvania Supreme Court broke new ground by holding that employers have a legal duty to take reasonable care to safeguard its employees’ sensitive personal information from cyberattacks. … Continue reading

UK NIS Regulations impose new cybersecurity obligations (and a new penalties regime) on operators of essential services and digital service providers in the UK

Data Protection Report - Norton Rose FulbrightThe UK NIS Regulations (implementing the NIS Directive) come into force in the UK today (10 May 2018). These Regulations have received limited press attention, in part due to the emphasis that has been placed on GDPR implementation. However, the NIS Regulations represent a significant change in the legal environment relating to cybersecurity in the … Continue reading

NIS Directive Published: EU Member States Have Just Under Two Years to Implement

Data Protection Report - Norton Rose FulbrightThe Directive on Security of Network and Information Systems (known as the NIS Directive) was published in the Official Journal of the European Union on July 19, 2016. Member States will have until May 9, 2018 to implement this Directive into national laws and a further six months to identify “operators of essential services.” Summary … Continue reading

Council and European Parliament reach agreement on NIS Directive

Data Protection Report - Norton Rose FulbrightOn December 7, 2015, the Council of the European Union (the Council) reached an informal agreement with the European Parliament on a new EU directive on network and information security (NISD). The agreement marks the conclusion of two years of work, since the European Commission (the Commission) and the High Representative of the European Union … Continue reading

NLRB asserts employers must bargain with unions on breach response

Data Protection Report - Norton Rose FulbrightThe U.S. National Labor Relations Board (NLRB) recently filed complaints against the United States Postal Service (USPS), alleging that the USPS violated the National Labor Relations Act (NLRA) by failing to collectively bargain with its employees’ union regarding the postal service’s response to a 2014 data breach that reportedly affected over 800,000 current and former … Continue reading

Energy cybersecurity – a critical concern for the nation

Data Protection Report - Norton Rose FulbrightWe have long recognized that effects of cyber-attacks are not limited to the virtual space, and can affect our physical environment. For example, a stolen trade secret may lead to a competitor who copies the design, to lost sales, to lost jobs. However, the relationship between cybersecurity and physical security is far more direct and … Continue reading

White House presses for robust sharing of cyber-threat information

Data Protection Report - Norton Rose FulbrightOn February 13, 2015, President Obama spoke forcefully on cybersecurity threats at the Cybersecurity and Consumer Protection Summit, and signed an Executive Order designed to encourage the sharing of cyber-threat information through the formation of “hubs” – Information Sharing and Analysis Organizations (ISAOs). The President observed that much of the United States’ critical infrastructure runs … Continue reading

SEC’s cyber preparedness priorities on display in the agency’s cybersecurity examination initiative

Data Protection Report - Norton Rose FulbrightLast week, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert that summarized findings from the agency’s examinations of the practices employed by financial service firms to address cybersecurity risks. The focus and results of the OCIE’s evaluation offer firms insight into the types of information security and … Continue reading

Just what the doctor ordered: President outlines national breach law proposal

Data Protection Report - Norton Rose FulbrightLeading up to the President’s State of the Union, the White House previewed several potentially sweeping cybersecurity initiatives—including a proposed federal law that would create a single national breach notification standard, entitled the Personal Data Notification & Protection Act (the “Act”). The President argued that the proposed law will benefit consumers and alleviate the confusion … Continue reading
LexBlog