Archives: Privacy and Data Security


CASL made clearer: CRTC releases its first compliance and enforcement decision under Canada’s Commerce Messages Law

Written by Kelly Friedman, Tamara Hunter and Jim Halpert The Canadian Radio-Television and Telecommunications Commission (CRTC) has issued its first Compliance and Enforcement Decision for violation of Canada’s anti-spam legislation (CASL). Until now, CRTC CASL enforcement actions have taken the form of settlements reached in confidential negotiations between the Enforcement Branch and the company. But this decision, … Continue Reading

Managing third parties under the Privacy Shield needs care

Written by Rena Mears, Ryan Sulkin, Eric Roth and Jim Halpert Controllers need to negotiate contract terms with third-party controllers and processors that are consistent with the controller’s obligations under the Shield. The Privacy Shield’s heightened infrastructure, regulatory, and documentation requirements present participating companies with … Continue Reading

FCC Adopts Broadband Privacy Rules

Written by Sydney White Today the Federal Communications Commission (FCC) approved new privacy rules for mobile and fixed broadband ISPs by a vote of 3-2. The rules seek to harmonize the requirements for ISPs with current FCC CPNI rules that restrict usage of customer data by telecommunications carriers. The rules are broader than FTC privacy standards. In … Continue Reading

EUROPE: ECJ – Dynamic IP addresses may constitute personal data

Written by Jan Pohle and Jan Spittka In its landmark decision in the case Breyer v. Federal Republic of Germany (decision dated 19 October 2016, case number C-582/14), the European Court of Justice (ECJ) not only ended the long and tricky debate whether dynamic IP addresses constitute personal data even if the data controller processing … Continue Reading

NTIA IoT Workshop

Written by Sydney White In response to comments on the National Telecommunications & Information Administration (NTIA) IoT Request for Comment (RFC) and the Stakeholder Engagement on Cybersecurity in the Digital Ecosystem RFC in 2015, NTIA held a workshop on “Fostering the Advancement of the Internet of Things” September 1. The workshop continued the process of … Continue Reading

Belgian Privacy Commission issues a 13 steps plan for companies preparing for GDPR compliance

Following a series of guidance documents published by fellow national DPAs, the Belgian Privacy Commission launched a 13-step GDPR-readiness roadmap to help companies that process personal data start preparing. The Privacy Commission will also create a GDPR-themed section on its website where data controllers and processors can consult additional guidelines, instruments and frequently asked questions. … Continue Reading

HONG KONG – HONG KONG’s Privacy Commissioner addresses privacy compliance and best practice for BYOD

Written by Scott Thiel Following the publication of industry-specific BYOD guidelines such as those issued by the Hong Kong Association of Banks (the “HKAB Guidelines”), the trend towards Bring Your Own Device (“BYOD”) has come to the attention of Hong Kong’s Privacy Commissioner. The Commissioner published an information leaflet on 31 August 2016 (the “Information … Continue Reading

New York proposes cybersecurity regulation aiming to protect financial services companies from criminal enterprises

Written by Jim Halpert and Michael Schearer The New York State Department of Financial Services (NYDFS) has set forth a proposed cybersecurity regulation for financial service companies. Announced this week by New York Governor Andrew M. Cuomo, the proposed rule seeks to protect both consumer data and financial systems from terrorist organizations and other criminal … Continue Reading

Singapore’s enforcement of data protection law on the rise

Written by: Scott Thiel and Carolyn Biggs Singapore’s Personal Data Protection Commission (PDPC) is stepping up its efforts to enforce the Personal Data Protection Act 2012 (PDPA). Following the release of its first nine enforcement decisions in April this year, the PDPC has published a further enforcement decision in June and two decisions in July, … Continue Reading

SINGAPORE: Monetary Authority of Singapore outsourcing guidelines 2016

Written by Scott Thiel The Monetary Authority of Singapore (MAS) has published its new and replacement Guidelines on Outsourcing on 27 July 2016. The Guidelines are intended to provide comprehensive guidance over the risk management practices that should be adopted by financial institutions in handling outsourcing arrangements. Businesses operating in Singapore that have entered into … Continue Reading

Final Privacy Shield: How it Changed and What It Means for Businesses

On August 1st, the U.S. Department of Commerce will begin accepting applications for Privacy Shield certifications. For US organizations collecting employee and customer data from the EU, the past year has been an anxious one, as the European Court of Justice invalidated the EU-US Safe Harbor program in October 2015 and the terms of a … Continue Reading

Risks in Interbank Messaging Platforms – Lessons Learned for Non-banks

Written by James Duchesne As detailed in press reports over the past several months, sophisticated hackers have used trusted interbank messaging systems to initiate fraudulent transactions resulting in the theft of tens of millions of dollars. Hackers using stolen credentials accessed secure messaging systems to initiate fraudulent transfers after hours, making them appear to come … Continue Reading

Written by Scott Thiel, Julia Gorham, Anita Lam and Nicholas Boyle ‘Wearable devices’ – such as fitness trackers, wristbands, access cards – are an increasingly popular technology. Market researchers have estimated that some 21 million wearable devices were sold in 2014 (The Economist, 14 March 2015, citing research by IDC). In the US, approximately 90% of … Continue Reading

New Data Breach Notification Law in Nebraska

Written by Anne Kierig An amendment to Nebraska’s data breach notification law, signed by the Governor earlier this month and effective July 20, 2016, makes key changes to the state’s notification regime. First, the law expands the definition of “personal information” to include “a user name or email address, in combination with a password or … Continue Reading

NTIA Seeks Comment on IoT Issues

The National Telecommunications and Information Administration (“NTIA”) has sought comment on a broad range of issues related to the advancement and regulation of the Internet of Things (“IoT”), including technological challenges/benefits of IoT, definitional issues, privacy, and cybersecurity related issues, among others. NTIA will use the information to produce a “green paper” in which it intends … Continue Reading

EUROPE: The Applicability Of EU Data Protection Laws To Non-EU Businesses

Written by Carol Umhoefer (Carol.Umhoefer@dlapiper.com) and Caroline Chancé (Caroline.Chance@dlapiper.com). This article first appeared in E-Commerce Law and Policy – volume 18 issue 03 (March 2016). On December 16, 2015, the Article 29 Data Protection Working Party (“WP29”) updated their Opinion 8/2010[1] on applicable law in light of the landmark decision Costeja v. Google[2] rendered by … Continue Reading

US COMMERCE DEPARTMENT, EC RELEASE PRIVACY SHIELD DETAILS; EC RELEASES ADEQUACY DECISION ON SHIELD’S PROTECTIONS

On February 29, 2016, the Department of Commerce and European Commission released the details of the new US-EU Privacy Shield program, intended to replace the now defunct US-EU Safe Harbor program. According to the materials released, the new program includes an expanded set of privacy principles, increased operational vetting to be conducted by the Commerce … Continue Reading

UAE: The intersection between UAE privacy laws and new technologies

Eamon Holley, Legal Director at DLA Piper Middle East (Dubai), spoke on Dubai Eye’s “The Agenda” radio show on February 2, 2016. On the show, he discussed how UAE privacy laws are intersecting with new technologies and innovations, such as cameras on drones, cameras in taxis, and dashcams. To access a recording of this segment, … Continue Reading