Tag archives: Privacy

Schrems Counterpoint: ECJ has good reasons to reject Safe Harbor invalidation

Data Protection Report - Norton Rose FulbrightThe European Court of Justice (ECJ) is expected to rule on Case C-362/14 (the “Schrems” case) on October 6, 2015.  In deciding whether to reject or adopt its Advocate General’s recommendation to invalidate the US-EU Safe Harbor, the ECJ finds itself between the proverbial rock and a hard place. Rejecting the Safe Harbor would lead to uncertainty in the ongoing … Continue reading

European Court of Justice Advocate General’s Advisory Opinion in Schrems case questions validity of personal data transfers under EU/US Safe Harbor framework

Data Protection Report - Norton Rose FulbrightOn September 22, 2015,  the European Court of Justice (“ECJ”) Advocate General issued an advisory Opinion in Case C-362/14 (the “Schrems” case). A key recommendation was for the ECJ to declare the EU/US Safe Harbor Agreement invalid. It remains to be seen whether the ECJ will follow this recommendation. The controversial nature of the Safe … Continue reading

Dutch Data Protection Authority publishes consultation version of guidelines on breach notice law

Data Protection Report - Norton Rose FulbrightOn the heels of the enactment of the Dutch breach notice law, the Dutch Data Protection Authority (CBP) published a consultation document with draft guidelines on the breach notice obligation of data controllers in the Netherlands. Under the law, data controllers are required to provide notice of data breaches to the CBP and, under certain circumstances, to … Continue reading

Former Privacy Commissioner of Canada Jennifer Stoddard to headline a privacy event at Norton Rose Fulbright’s Montreal office

Data Protection Report - Norton Rose FulbrightOn September 25, 2015, Jennifer Stoddard will visit Norton Rose Fulbright in Montreal to discuss the proposed sweeping reforms to Quebec’s legislation governing access to information and protection of personal information in the public sector. These reforms include proactive publication of government information at all levels, including studies and statistics in health and education and … Continue reading

Canada’s federal, British Columbia and Alberta privacy commissioners issue BYOD guidance

Data Protection Report - Norton Rose FulbrightAs the line between work and home becomes increasingly blurred, the federal, British Columbia and Alberta privacy commissioners have issued joint guidelines to help organizations reduce the risks of privacy breaches with respect to employers’ data accessed from employee-owned devices (EODs), while also securing employees’ privacy rights regarding any personal information stored on EODs.… Continue reading

The Security, Privacy and Legal Implications of the Internet of Things (“IoT”) Part one – The Context and Use of IoT

Data Protection Report - Norton Rose FulbrightDisrupted, yet again. The world is fast preparing for the invasion of objects connected to the Internet, otherwise known as the Internet of Things (“IoT”). IoT is here, and it will revolutionize how both individuals and corporations interact with the world.  In this multi-part series we will explore this quickly evolving revolution and the privacy … Continue reading

Energy cybersecurity – a critical concern for the nation

Data Protection Report - Norton Rose FulbrightWe have long recognized that effects of cyber-attacks are not limited to the virtual space, and can affect our physical environment. For example, a stolen trade secret may lead to a competitor who copies the design, to lost sales, to lost jobs. However, the relationship between cybersecurity and physical security is far more direct and … Continue reading

Ontario Court of Appeal finds patients’ common law privacy rights not preempted by statute; allows class action to proceed

Data Protection Report - Norton Rose FulbrightIn a recent case involving a breach of patients’ privacy rights — Hopkins v Kay,[i] — the Ontario Court of Appeal ruled that a proposed class action could proceed based on allegations of violation of patients’ common law privacy rights, concluding that those rights were not preempted by the Personal Health Information Protection Act (PHIPA). … Continue reading

German draft bill to authorize privacy “class actions”

Data Protection Report - Norton Rose FulbrightThe German government recently released a draft bill seeking to grant authority to the country’s consumer and business associations to enforce compliance with data protection laws. Because the proposed draft bill appears to have received support from the governing parties, we believe there is a high probability of the bill being enacted in the near … Continue reading

White House presses for robust sharing of cyber-threat information

Data Protection Report - Norton Rose FulbrightOn February 13, 2015, President Obama spoke forcefully on cybersecurity threats at the Cybersecurity and Consumer Protection Summit, and signed an Executive Order designed to encourage the sharing of cyber-threat information through the formation of “hubs” – Information Sharing and Analysis Organizations (ISAOs). The President observed that much of the United States’ critical infrastructure runs … Continue reading

Importance of data privacy and transparency in the UK highlighed by Investigatory Powers Tribunal decision

Data Protection Report - Norton Rose FulbrightA recent landmark ruling from the UK’s Investigatory Powers Tribunal has highlighted the growing importance the UK courts place on data privacy and transparency. It is the first occasion that the Investigatory Powers Tribunal has upheld part of a complaint against the intelligence agencies since it was set up in 2000. On February 6, 2015 … Continue reading

Privacy action in Russia indicates enforcement focus on Western companies

Data Protection Report - Norton Rose FulbrightAccording to news reports in Russia, the Russian Federation’s data protection authority – Roscomnadzor – may be targeting Western companies for enforcement action. What appears to be the first enforcement action of this kind is directed at Twitter. At the heart of the action is an assertion by the head of Roscomnadzor that, while Twitter … Continue reading

SEC’s cyber preparedness priorities on display in the agency’s cybersecurity examination initiative

Data Protection Report - Norton Rose FulbrightLast week, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert that summarized findings from the agency’s examinations of the practices employed by financial service firms to address cybersecurity risks. The focus and results of the OCIE’s evaluation offer firms insight into the types of information security and … Continue reading

Anthem breach poses significant cybersecurity risks for Anthem’s customers; may trigger legal obligations

Data Protection Report - Norton Rose FulbrightOrganizations whose employees are insured by Anthem or whose self-insured health plans are administered by Anthem should consider steps to mitigate the cybersecurity and legal risk arising from the breach recently reported by Anthem. The hackers who perpetrated the Anthem breach are likely to use the personal information they took for further cyberattacks against affected … Continue reading

China requires providers to enforce real-name registration and ban on “harmful” usernames

Data Protection Report - Norton Rose FulbrightThe Cyberspace Administration of China announced on February 4, 2015 new regulations requiring Internet users to register accounts under their real names for social network sites like blogs, discussion forums, comment sections, instant messaging, and related services. The rules impose the obligation to enforce the restrictions on affected businesses, including Western companies operating in China. The new regulations come … Continue reading

Cybersecurity incident notification bill introduced in the Netherlands

Data Protection Report - Norton Rose FulbrightOn January 22, 2015, the Netherlands proposed legislation introducing breach notification requirements for critical infrastructure industries, including utilities (electricity, gas and drinking water), telecom, financial services, government (surface-water management bodies) and transport (main ports Rotterdam and Schiphol airport). The proposed law would require notification in the event of a breach of security or loss of … Continue reading

Employee privacy regulations on the agenda for Abu Dhabi Global Market

Data Protection Report - Norton Rose FulbrightOmnibus data privacy laws are few and far between in the Middle East. None of the six states of the Gulf Co-Operation Council (GCC)—which comprises Saudi Arabia, Kuwait, Oman, Qatar, Bahrain and the United Arab Emirates—have issued national privacy legislation, although several have draft regulations under consideration. By contrast, the financial “free zone” jurisdictions of … Continue reading

Encryption of patient personal information to be the law of the land in New Jersey

Data Protection Report - Norton Rose FulbrightFollowing a number of reports of theft and misplacement of computer disks, laptops, and thumb drives containing unencrypted patient information from New Jersey medical centers, the New Jersey state legislature enacted a law on January 9, 2015, which prohibits health insurance carriers from electronically compiling and maintaining certain patient information unless that information has been … Continue reading

FTC issues new privacy and security report on the internet of things

Data Protection Report - Norton Rose FulbrightIn advance of what will likely be a flood of interconnected devices to soon hit the market, the Federal Trade Commission (“FTC”) today announced the release of a new report on the Internet of Things (the “Report”).  Focusing on privacy and security, the FTC makes several suggestions to companies developing Internet of Things devices that are marketed … Continue reading

FTC Commissioner Julie Brill to lead a privacy roundtable at Norton Rose Fulbright

Data Protection Report - Norton Rose FulbrightOn January 30, 2015, Norton Rose Fulbright New York City office will host FTC Commissioner Julie Brill for a privacy roundtable. As part of the IAPP KnowledgeNet lecture series, Commissioner Brill will address privacy topics that will be in focus for 2015: Big Data, its fair use and effects on consumers, the privacy issues raised by … Continue reading

California enacts “Right to be Forgotten” for Minors

Data Protection Report - Norton Rose FulbrightFollowing Europe’s recognition of the “right to be forgotten” online, California has enacted its own version of the requirement, though limited to the state’s residents who are minors under 18 (“Minors”). The California law (Cal. Bus. & Prof. Code §§ 22580-81), which became effective January 1, 2015, applies to websites, social media sites, mobile apps … Continue reading
LexBlog