Alberta OIPC’s 2022 PIPA Breach Report – Trends and Key Takeaways
Posted in Cybersecurity, Data breachTag archives: data protection
Posted in Cybersecurity, Data breachCanada’s artificial intelligence legislation is here
Posted in GeneralEuropean rulings on the use of Google Analytics and how it may affect your business
Recent decisions out of the EU will impact the use of Google Analytics and similar non-European analytics services when targeting EU individuals, with the potential to put many organizations at risk of receiving GDPR fines. At issue was the transfer of personal data from the EU to the US through the use of Google Analytics. … Continue reading
Privacy in a Parallel Digital Universe: The Metaverse
Posted in General, Metaverse, PIPEDA, Privacy law
For many years, the immersive three-dimensional digital world has been left to the cinematic experience. However, the emergence of the metaverse presents an opportunity to translate everyday activities – working, attending a concert, travelling, shopping, socializing – into a parallel digital universe. The metaverse is an abstract concept that uses a digital environment to permeate … Continue reading
Privacy legislation reform: Bill 64 has now been passed
UK Government sets out proposals to shake up UK data protection laws
Posted in Compliance and risk management, General
On 10 September 2021, the UK Government published its consultation paper on proposals to reform the UK’s data protection regime. The deadline for responding to the consultation is 19 November 2021. In August, the Government announced that it intended to “seize the opportunity” afforded by the UK’s exit from the European Union to makes some … Continue reading
US SEC announces three actions charging firms for cybersecurity deficiencies
Posted in Cybersecurity, EnforcementGoogle/Android announces privacy requirements
Posted in NT Analyzer Blog Series
Google announced that it will follow industry standards with respect to privacy obligations.… Continue reading
Navigating Virginia’s new privacy law
Posted in NT Analyzer Blog Series
Virginia recently enacted its own data protection/privacy law and like its European and Californian predecessors, the technical piece is key. Like the GDPR and CCPA, the Consumer Data Protection Act (“CDPA”), which goes into effect on January 1, 2023, broadly defines “personal data” as “any information that is linked or reasonably linkable to an identified … Continue reading
US banking regulators propose a rule for 36-hour notice of breach
Posted in Data breach
On December 18, 2020, the US Department of the Treasury (Office of the Comptroller of the Currency), Federal Reserve and Federal Deposit Insurance Corporation (FDIC) jointly announced a 53-page proposed rule that would require banks to notify their regulators within 36 hours of a “computer-security incident” that rises to the level of a “notification incident.” … Continue reading
Singapore’s Public Consultation on proposed changes to the Singapore Personal Data Protection Act
Posted in GeneralCalifornia AG Issues Significant Changes to Draft CCPA Regulations as of March 2020
Posted in CCPA
On February 7, 2020, and again on March 11, 2020, the Office of the Attorney General (OAG) issued revisions to the proposed California Consumer Privacy Act (CCPA) regulations, and there are some surprises in both the additions and in the deletions. For the CCPA regulations to become effective on July 1, the final regulation text … Continue reading
NYDFS Requires COVID-19 Plans by April 9
On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic. NYDFS requires the plans to be submitted by Thursday, April 9, … Continue reading
Adventures in cyber litigation: Frozen crypto-assets and the role of cyber insurance
Posted in Cybersecurity
For some time, cyber exposure has been at or near the top of every major company’s risk register.… Continue reading
Personal data protection in the time of coronavirus (Covid-19)
Posted in Compliance and risk management
Outbreak of the coronavirus and personal data privacy The fast-spreading coronavirus (Covid-19) has infected thousands of people in China and in over 20 other countries. This coronavirus outbreak, originating in Wuhan, a large city located in the central region of China, has been declared a Public Health Emergency of International Concern (PHEIC) by the World … Continue reading
The CNIL releases draft practical guidance on cookies consent
Posted in Compliance and risk management
The CNIL has published draft recommendations on how to obtain consent when placing cookies. This is following the publication of its revised “Guidelines on the implementation of cookies or similar tracking technologies” which was published in July 2019 (see our article here). The objective of the recommendations is to provide stakeholders with practical guidance and … Continue reading
Interim proprietary injunction granted over bitcoin cyber extortion payment
Posted in CybercrimeAn interim proprietary injunction has been granted by the English High Court over a bitcoin ransom payment paid to a third-party wallet.… Continue reading
Turkish Data Protection Board announces extension of VERBİS registration deadline – once again
Posted in Regulatory responseRussian Data Localization law: now with monetary penalties
Posted in Compliance and risk management
On 2 December, a new law was introduced in Russia to enable substantial administrative fines to be imposed on organizations and individuals that fail to comply with data localization requirements. Both legal entities and responsible managers (e.g. the Data Protection Officer or the CEO) can be fined under the new regime.… Continue reading
First multi-million GDPR fine in Germany: €14.5 million for not having a proper data retention schedule in place
Posted in Enforcement
On October 30, 2019 the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit – Berlin DPA) issued a €14.5 million fine on a German real estate company, die Deutsche Wohnen SE (Deutsche Wohnen), the highest German GDPR fine to date. The infraction related to the over retention of personal … Continue reading
German Data Protection Authorities publishes a new GDPR model for fines
Posted in Enforcement
The German Datenschutzkonferenz (DSK), the joint body of the German data protection authorities, has just published the model which it intends to use to calculate fines pursuant to Article 83 of the GDPR.… Continue reading
No surprises in the recent Planet49 European Court of Justice judgment
Posted in Dispute resolution and litigation
On 1 October 2019, the European Court of Justice (ECJ) delivered its judgement on Case C – 673/17 (the “Planet49” case), which relates to the consent and transparency requirements for the use of cookies and similar technologies. The ECJ largely followed the March 2019 Opinion of Advocate General Szpunar and the judgment is generally consistent … Continue reading
Data protection and cyber risk issues in arbitration – dealing with regulation, cyber attacks and hacked evidence
Deadline extended for compulsory registration on Data Controller registry
Posted in Compliance and risk management
Obligations We previously reported that Turkey’s data protection legislation (TDPL) requires data controllers to notify the Turkish DPA of their processing activities. Unless exempt from the requirement, all data controllers (individuals and legal entities) who process personal data in Turkey must be registered with the Turkish DPA’s Register of Data Controllers Information System (VERBİS), prior … Continue reading
