In brief On 25 May 2021, the Singapore High Court provided long-awaited clarifications on the scope of private actions under the Personal Data Protection Act 2012 (PDPA). It was held that in order to succeed in a private action under the PDPA, the claimant must suffer loss or damage that falls within the common law heads of loss or damage (such as pecuniary loss, damage to property, and personal injury including psychiatric illness) directly as…
On June 12, 2020, the government of Quebec introduced Bill 64, An Act to modernize legislative provisions as regards the protection of personal information. The Bill proposes to modernize the existing framework applicable to the protection of personal information by amending various public, and private sector Quebec laws, to align closer with the requirements under the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and the European General Data Protection Regulation. The Act respecting…
On February 7, 2020, the California Attorney General released its revised draft implementing regulations for the California Consumer Privacy Act. The revised regulations are not yet final. The California AG will accept written comments regarding the updated regulations until 5:00 pm (PST) on Tuesday, February 25, 2020. The following is a high-level overview of the key new requirements under the updated regulations that are important for businesses to consider in connection with their CCPA compliance…
Avid readers of this blog will know that shortly before the new year holidays advocate general Hendrik Saugmandsgaard Øe (a.g.) gave his opinion on how European Court of Justice (CJEU) should deal with the second Schrems case (Schrems II) on international data transfers. You’ll find the summary we wrote at the time here. This is the first in a series of blogs, on different impacts the opinion might have particularly on the available data transfer…
The Federal Trade Commission finalized a settlement with cloud software provider InfoTrax Systems, L.C. following claims that it failed to enact sufficient data security policies, enabling a hacker to access sensitive personal data. The security incident According to the FTC, a hacker was able to access InfoTrax System’s server over 20 times from May 2014 to March 2016, successfully obtaining sensitive personal data, which could be used to commit identity theft and fraud. The FTC…