Tag archives: data privacy

Privacy and Cybersecurity Due Diligence Considerations in M&A Transactions

Data Protection Report - Norton Rose FulbrightPrivacy and cybersecurity practices of target companies are being increasingly scrutinized throughout the due diligence process in M&A transactions. Particularly, buyers want to understand the risk and value inherent in sellers’ data assets and sellers want to manage transactional and post-closing risks. In the course of their privacy and cybersecurity due diligence, buyers should consider … Continue reading

OSFI’s Technology and Cyber Risk Management Guideline: Part 2

In July of this year, the Office of the Superintendent of Financial Institutions (OSFI) released the final version of its Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and trust companies. FRFIs will need to ensure that they have taken steps to … Continue reading

Practical steps for businesses to comply with Bill C-27: Part 1

The House of Commons recently introduced Bill C-27, the successor to Bill C-11, which died on the docket when Parliament was dissolved in the fall of 2021. Bill C-27 introduces three new acts: the Consumer Privacy Protection Act (“CPPA”), the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act (“AIDA”), which … Continue reading

Alberta OIPC’s 2022 PIPA Breach Report – Trends and Key Takeaways

On July 27, 2022, the Office of the Information and Privacy Commissioner of Alberta (OIPC) released its 2022 PIPA Breach Report.[1] The report analyzes the nearly 2,000 breach reports[2] received by the OIPC during   the ten year period since reporting was mandated in Alberta under the Personal Information Protection Act (PIPA)[3]. The PIPA Breach … Continue reading

European rulings on the use of Google Analytics and how it may affect your business

European rulings on the use of Google Analytics and how it may affect your businessRecent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. … Continue reading

Google Play Store Releases Data Safety Form

Android will adopt iOS-like privacy nutrition labels, called the “Data safety form,” starting April 2022. And according to Google, apps that fail to comply with this upcoming requirement may be “subject to policy enforcement, like blocked updates or removal from Google Play.” While it may be tempting to just repurpose the iOS nutrition labels, Google notes … Continue reading

Privacy legislation reform: Bill 64 has now been passed

Bill 64, which purports to modernise Québec’s privacy legislation, was recently passed. This sweeping reform of the province’s framework for processing personal information hinges on three main axes: increased obligations for enterprises that collect or otherwise process personal information, the creation of new rights for persons whose information is collected, and the imposition of far … Continue reading

PIPL: A game changer for companies in China

Data Protection Report - Norton Rose FulbrightChina passed its Personal Information Protection Law (PIPL) on 20 August 2021. This is China’s first omnibus data protection law, and will take effect from 1 November 2021 allowing companies just over two months to prepare themselves. The PIPL is a game changer for any company with data or business in China. It will add … Continue reading

China passes the Personal Information Protection Law

Data Protection Report - Norton Rose FulbrightChina passed its Personal Information Protection Law (PIPL) on 20 August 2021.  The new law will take effect from 1 November 2021 allowing companies just over 2 months to prepare themselves. The full text has not been made public yet. In addition, China published the Provisions on the Administration of Security of Automobile Data (For … Continue reading

Navigating Virginia’s new privacy law

NT Analyzer blog series, cookieVirginia recently enacted its own data protection/privacy law and like its European and Californian predecessors, the technical piece is key. Like the GDPR and CCPA, the Consumer Data Protection Act (“CDPA”), which goes into effect on January 1, 2023, broadly defines “personal data” as “any information that is linked or reasonably linkable to an identified … Continue reading

Virginia’s new Consumer Data Protection Act

On March 2, 2021, the Governor of the Commonwealth of Virginia signed into law the Consumer Data Protection Act, which contains many elements of California’s Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR). The new law goes into effect on January 1, 2023. But first, you need to determine whether the law … Continue reading

Bill C-11: Canada proposes new data privacy legislation

Norton Rose Fulbright - Data Protection Report blogOn November 17, 2020, the Minister of Innovation, Science and Industry, Navdeep Bains, tabled proposed legislation in Parliament that aims to overhaul Canada’s data privacy law. Bill C-11, entitled An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to … Continue reading

COVID tracing & AI: Physically distant, socially together

Data Protection Report - Norton Rose FulbrightAs the second wave of COVID-19 spreads across Canada, the use of COVID-19 tracing apps is on the rise. For example, the Government of Canada released COVID Alert–an app using Bluetooth technology to help people report positive diagnoses, and control the spread of the virus. The success of the app depends on a high quantity … Continue reading

NT Analyzer Webinar: Solving Apple’s new app privacy requirement

Solving Apple's New App Privacy RequirementPlease join us for an NT Analyzer Webinar, Solving Apple’s new app privacy requirement. Head of NRF Digital Analytics and Technology Assessment Platform for the US Steven Roosa and Associate Dan Rosenzweig as they walk through the upcoming Apple requirements, and showcase the NT Analyzer Apple dashboard solution.… Continue reading

How to process employees’ health data in France after lockdown: dos and don’ts for employers

Norton Rose Fulbright - Data Protection Report blogA few weeks ago, we provided you with a summary of the rights and obligations of employers with regard to the personal data of their employees during lockdown. On 11 May, many employees will return to their workplaces. Below you will find answers to the main questions you may have ahead as the end of … Continue reading

StopCovid: the French contact-tracing app

Norton Rose Fulbright - Data Protection Report blogFollowing the example of many European countries, the French government plans to introduce a contact tracing app, known as “StopCovid”.  The app is designed to be used by people once they leave the confinement of their homes with the aim of preventing the spread of COVID-19. StopCovid is being developed within the INRIA, the French … Continue reading

How contact tracing apps in Asia are being used to fight COVID-19 – is the reward worth the risk?

Data Protection Report - Norton Rose FulbrightThe COVID-19 pandemic has seen governments across the world restricting civil liberties and movement to unprecedented levels. To aid the safe lifting of current public health restrictions, new technologies are being developed and rolled out to automate labour intensive tasks critical to containing the spread of the virus, such as contact tracing. Contact tracing applications … Continue reading

Irish data protection authority launches new cookie guidance and indicates cookie investigations are on the horizon

Norton Rose Fulbright - Data Protection Report blogLast week, the Irish Data Protection Commission (“DPC”) published its much anticipated guidance note on cookies and similar tracking technologies (the “Guidance”).  It also published a report following a “cookie sweep” that took place between August 2019 and December 2019 of 38 data controllers (the “Report”).  The cookie sweep requested information from the data controllers … Continue reading

Obtaining and sharing employee health status information in a pandemic

Norton Rose Fulbright - Data Protection Report blogEmployers across the world are facing extremely difficult challenges in keeping their workplaces safe for their employees, contractors and visitors during the COVID-19 pandemic. Although the prevailing instinct is likely to be to protect and to prevent the spread of the virus at all costs, under data protection laws this still needs to be weighed … Continue reading
LexBlog