Tag archives: personal information

COVID tracing & AI: Physically distant, socially together

By Daniel Daniele (CA) on November 18, 2020 Posted in Compliance and risk management, Data Transfer

Data Protection Report - Norton Rose Fulbright

As the second wave of COVID-19 spreads across Canada, the use of COVID-19 tracing apps is on the rise. For example, the Government of Canada released COVID Alert–an app using Bluetooth technology to help people report positive diagnoses, and control the spread of the virus. The success of the app depends on a high quantity … Continue reading

Mic Drop: California AG releases long-awaited CCPA Rulemaking

By David Kessler (US), Jeewon Kim Serrato (US), Susan Ross (US), Anna Rudawski (US) and Max Kellogg (US) on October 11, 2019 Posted in CCPA, Compliance and risk management

Data Protection Report - digital privacy, CCPA and cybersecurity

On October 10, 2019, with just weeks to go until the law goes into effect, the California Attorney General released the long-awaited draft regulations for the California Consumer Privacy Act (CCPA). The proposed rules shed light on how the California AG is interpreting and will be enforcing key sections of the CCPA. In the press … Continue reading

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

By Nadège Martin (FR) and Nilofar Moini Shabestari (FR) on July 8, 2019 Posted in Data breach, Enforcement

Following the now famous €50m fine imposed on Google LLC in January 2019,[1] the French Data Protection Authority (the CNIL) published a decision taken on 28 May 2019[2] imposing a fine of €400,000 on SERGIC, a company specialised in real estate development, purchase, sale, rental and property management.… Continue reading

Pennsylvania Supreme Court holds common law duty for employers extends to protecting sensitive employee information

By Andrea D'Ambra (US) and Max Kellogg (US) on December 7, 2018 Posted in Compliance and risk management, Data breach, General, Regulatory response

On November 21, 2018, the Pennsylvania Supreme Court broke new ground by holding that employers have a legal duty to take reasonable care to safeguard its employees’ sensitive personal information from cyberattacks. … Continue reading

California Consumer Privacy Act: Disclosure requirements

By Chris Cwalina (US), Jeewon Kim Serrato (US), Steve Roosa (US) and Tristan Coughlin* (US) on September 11, 2018 Posted in CCPA

This is the Data Protection Report’s fourth blog posts in a series of CCPA blog posts that will break down the major elements of the CCPA, which will culminate in a webinar on the CCPA in October. Stay tuned for additional blogs and information about our upcoming webinar on the CCPA. The California Consumer Privacy … Continue reading

GDPR is upon us: are you ready for what comes next?

By Jeewon Kim Serrato (US), Steven Hadwin (UK) and Marcus Evans (UK) on May 23, 2018 Posted in Compliance and risk management, Regulatory response

Norton Rose Fulbright - Data Protection Report blog

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. For many readers of this post, a huge amount of work will have been done in recent months in building up to compliance with the new regime. However, the challenges of GDPR certainly don’t end on the … Continue reading

California privacy initiative likely to increase costs of civil litigation if passed in November

By Spencer Persson (US) on April 23, 2018 Posted in Compliance and risk management

A little more than one month from implementation of GDPR, companies may be tempted to relax and exhale (and if GDPR is still causing you headaches, consult our checklist). After all, the U.S. couldn’t be crazy enough to implement something as onerous and difficult, right? RIGHT?!? Enter California, which appears likely to place an initiative … Continue reading

Ninth Circuit further entrenches circuit split over standing in data breach cases

By Spencer Persson (US) on March 20, 2018 Posted in Data breach, Dispute resolution and litigation

On March 8, 2018, the Ninth Circuit issued its highly anticipated decision in In re Zappos.com, Inc., finding that allegations of future risk of identity theft from a data breach are sufficient to confer standing. This decision fuels an ongoing circuit split, pitting the D.C., Sixth, Seventh and now Ninth Circuits against the Second, Fourth, … Continue reading

Amended Colorado bill aims to enhance data privacy laws

By on February 21, 2018 Posted in Regulatory response

As Data Protection Report posted on January 29, 2018, lawmakers in Colorado are considering legislation that, if enacted, would significantly strengthen Colorado’s data privacy protections. On Wednesday, February 14, 2018, an amended bill passed unanimously in Colorado’s House Committee on State, Veterans and Military Affairs.… Continue reading

South Dakota and Colorado strengthen data breach protections

By on January 29, 2018 Posted in Regulatory response

Last week, South Dakota moved closer to implementing a data breach notification law, while Colorado legislators introduced a new bill requiring “reasonable security procedures,” imposing data disposal rules and shortening the time frame in which to alert authorities regarding a breach. South Dakota and Colorado are the latest states taking steps in cybersecurity lawmaking in … Continue reading

Tennessee and Nebraska Amend Their Data Breach Notification Laws

By on May 5, 2016 Posted in Compliance and risk management, Data breach

Two states, Tennessee and Nebraska, have recently enacted changes to their data breach notification laws that will go into effect in July. Here’s what you need to know about each:… Continue reading

Senate passes cybersecurity bill, bringing immunity for sharing cyberthreat data closer to reality

By on November 2, 2015 Posted in Regulatory response

On October 27, 2015, the Cybersecurity Information Sharing Act of 2015 (CISA), passed the Senate, by a 74-21 vote. The bill’s passing by such an overwhelming majority is a crucial step towards the controversial CISA becoming law, with support from some security experts and to the chagrin of other privacy advocates.… Continue reading

Russia signs controversial “right to be forgotten” bill into law

By Vera Shaftan (RU) on July 23, 2015 Posted in Regulatory response

Russian President Vladimir Putin has signed into law the “right to be forgotten” legislation, which allows individuals in Russia to demand removal of a search engine’s links to personal information deemed irrelevant or inadequate. The law will go into effect on January 1, 2016.… Continue reading

Canada amends federal data protection law, PIPEDA

By on June 29, 2015 Posted in Regulatory response

On June 18, 2015, Canada’s Senate and House of Commons passed the Digital Privacy Act to amend the country’s federal Personal Information Protection and Electronic Documents Act (PIPEDA). Many of the amendments are scheduled to come into force on a date to be determined by the government. The revised requirements (highlighted below) will have a … Continue reading

Nevada amends data security law to expand definition of “Personal Information”

By on June 16, 2015 Posted in Regulatory response

On May 13, 2015, Governor Brian Sandoval of Nevada signed Assembly Bill No. 179 (“AB 179”) into law. AB 179 amends Nevada Revised Statutes § 603A.040, which defines “Personal Information” for Nevada’s laws on the security of personal information. This amendment will take effect on July 1, 2015.… Continue reading