
CCPA Final Proposed Regulations Filed

The general advice is "Use GDPR as your base and tweak for each jurisdiction". We're almost there for California in terms of the tweaks. Watch for more articles analysing what it means for businesses operating in this market...: [...] The Attorney General, in a statement filed with the regulations, requested expedited review of the regulations, despite the additional time provided by the Executive Order. The statement cited the CCPA’s July 1, 2020 statutory deadline to final

Zoom Successfully Addresses New York’s Privacy and Security Concerns

Zoom have managed to weather the storm of security and privacy concerns pretty well...: A few weeks ago on this blog, we addressed some of the legal issues that have arisen for Zoom, as it becomes a significant part of American daily life during the COVID-19 pandemic. Among those legal issues was an inquiry by the New York State Attorney General into Zoom’s privacy practices, and particularly into its measures to detect and prevent hackers or other outside parties attempt

New China National Security Law

Expect this to affect privacy and data security legislation, but we can't say how until we see the text of the legislation...: [...] The text of the proposed legislation (the “National Security Law”) is not publicly available or, in all likelihood, settled yet. As a next step, the Standing Committee will need to finalize and approve the legislation. We understand that this could happen as soon as the next Standing Committee session in late June (according to the reported c

GDPR at two: How far we’ve come, how far we still have to go

I'll add to the point made by the man from Dell: GDPR shouldn't be a "compliance tick box". If you're going to be spending on compliance then it would be sensible to go all-in and really adopt the mantra of "Data protection by design and default" and use it to differentiate your business against those who want to play fast and loose with personal information...: [...] Dell Technologies’ Mallon says the second anniversary of GDPR is a great opportunity to reflect on what can

Security From Afar: How Best to Protect Trade Secrets in a World of Remote Working, Zoombombing, and Uncertainty

A lawyer's view of the impact of social distancing on the protection of trade secrets. This should be baked in to your Acceptable Use Policy and reinforced through your training and awareness program (you've got both of those, right?)...: [...] So what’s an employer to do, in light of these challenges? It is often not reasonable or even possible to avoid discussion of a business’s trade secrets. And many employers will not feel comfortable mandating in-person meetings anytim

Member State Implementation of the EU 5G Toolbox: Legal Issues Raised

On my first read-through of this document I couldn't see anything that is 5G specific, except the section about Huawei “HIGH-RISK” VENDORS...: In January 2020, the European Commission endorsed the Toolbox of mitigating measures agreed by the Member States of the European Union to address security risks related to the rollout of 5G. The protection of national security, and cybersecurity in particular, are unquestionably legitimate objectives. However, since protecting these i

FBI and CISA Issue Joint Warning to Academic Institutions and Research Organizations About Targeting of COVID-19 Research

This got a lot of coverage last week. Here's a link to the source documents...: On May 13, 2020, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a joint Public Service Announcement (PSA) about a threat to academic institutions and business entities engaged in COVID-19-related research and development entitled People’s Republic of China (PRC) Targeting of COVID-19 Research Organ

Bringing Your Business Online: Written Information Security Programs (WISPs)

The European equivalent is a "Privacy Impact Assessment" (PIA, sometimes DPIA). If you don't have one, you're leaving yourself wide open for the regulator to slap a fine on your business...: In the context of an online business, a WISP is not a small bunch of hay or straw. If your business has employees or customers in Massachusetts or Rhode Island, you must have a written information security program (WISP). Many other states have similar requirements. If your business (w

Germany’s data chief tells ministries WhatsApp is a no-go

Mixed messages here from WhatsApp in response to German concerns. I use WhatsApp and assume that the message is encrypted, but the metadata about who, when, and where are stored. If WhatsApp (or Facebook, or the security services...) want to check who I've been talking to then it's there in the logs. The same applies to any messaging app. The only alternative is to run your own messaging app, and the world has moved away from that...: [...] Data privacy commissioner Ulrich K

French DPA Issues Guidance Surrounding Practice of Web Scraping

TL;DR - not a good idea to buy or use mailing lists that have been scraped...: On April 30, 2020, the French data protection authority, the CNIL, published a guidance surrounding considerations behind what it calls “commercial prospecting,” meaning scraping publicly available website data to obtain individuals’ contact info for purposes of selling such data to third parties for direct marketing purposes.  The guidance is significant in two respects.  First, it speaks to the