Latest Posts
Search for:
Category

Data Privacy & Security

Category
In Data Privacy & Security

SEC’s Proposed Updates to Reg S-P: How Will This Impact Your Company?

by , , , and 6 Mins Read

In Brief On March 15, 2023, the US Securities Exchange Commission (“SEC”) proposed amendments to Regulation S-P (“Reg S-P”). If adopted, the amendments would introduce new data security and governance requirements for broker-dealers, investment companies, and investment advisers registered with the SEC. Background When the SEC first promulgated Regulation S-P in 2000, the goal was to ensure that covered entities establish adequate safeguards to protect customer information. The existing version consists essentially of two cornerstone…

In Data Privacy & Security

HR Implications of the Data Protection and Digital Information Bill (No. 2)

by and 8 Mins Read

The new Data Protection and Digital Information Bill (No. 2) (the “Bill”) has been widely publicised, particularly the government’s claimed saving to business of £4 billion over the next 10 years. The savings are to be achieved by removing barriers to “responsible innovation”. This article explores what that might mean from an HR and employment law perspective. Data Subject Access Requests (“DSARs”) Employees, like all data subjects, have the right to understand what data is processed…

In Data Privacy & Security

China proposes significant reorganization of data protection regulatory structure

by , , and 2 Mins Read

In Brief On March 7, 2023, China’s State Council unveiled plans to consolidate the country’s data protection functions into a single National Data Bureau to address the inconsistencies around the administration of China’s data and security laws. Background The privacy and security legal landscape in China has quickly evolved in recent years. The Cybersecurity Law (CSL) was adopted in 2017, and modified in 2022. The Personal Information Protection Law (PIPL) and the Data Security Law…

In Data Privacy & Security

UK Data Protection Reform – UK Government introduces second Data Protection and Digital Information Bill – what has changed and what has stayed the same?

by and 7 Mins Read

On 8 March the UK Government published a new Data Protection and Digital Information Bill (No. 2) (“New Bill”). This is a different Bill from the one that was introduced into Parliament last summer, the Data Protection and Digital Information Bill (“Original Bill”). Although the New Bill has been introduced separately into Parliament, the proposals in the New Bill are substantially the same as the Original Bill. Therefore, the proposals for UK data protection reform…

In Data Privacy & Security

European Data Protection Board Raises Concerns on Proposed Data Transfer Framework

by , , , and 3 Mins Read

In brief On February 28, 2023, the European Data Protection Board (“EDPB”) published its non-binding opinion on the European Commission’s draft adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). As we have previously written, the DPF is intended to re-establish one of the legal mechanisms for transfers of personal data from the European Union (“EU”) to the U.S. The DPF replaces the EU-U.S. Privacy Shield (“Privacy Shield”), which the EU Court of Justice (“CJEU”)…

In Data Privacy & Security

China Issues Standard Contractual Clauses, effective June 1

by , , , , , , and 5 Mins Read

In Brief On February 24, 2023, the Cyberspace Administration of China (CAC) released the final version of the Standard Contractual Clauses (SCCs) and SCC Measures for the cross-border transfer of personal data under the Personal Information Protection Law (PIPL). The SCCs provide a mechanism for businesses to transfer personal information from mainland China to other jurisdictions. China’s SCCs closely mirror the EU’s SCCs, which were updated in 2021, but feature several important distinctions described in…

In Data Privacy & Security

ICO issues update on change of approach to regulating communication service providers

by 2 Mins Read

The Information Commissioner’s Office (ICO) has published an update confirming its plans to cease enforcement of certain breaches of regulation 5A of the Privacy and Electronic Communications Regulations 2003 (PECR) against public electronic communications service providers (CSPs). Regulation 5A PECR requires CSPs to notify the ICO within 24 hours of becoming aware of a personal data breach. The ICO initially published a statement on 20 January 2023 which stated that it had decided to stop…

In Data Privacy & Security

My Health, My Data – Washington state privacy bill on consumer health data

by 6 Mins Read

Legislative activity in the U.S. state of Washington continues this year with numerous bills being considered. Businesses that process health data should follow the process of House bill 1155 (the My Health, My Data Act), which has been amended once and was approved in the House Committee on Civil Rights & Judiciary hearing on February 3, 2023. Who and what data are protected? The My Health, My Data Act protects as “consumers” Washington residents and…

Load More