Topic: Data and cybersecurity

On 5 February 2025, the Advocate General of the Court of Justice of the European Union (CJEU) issued its opinion in the case of C 413/23 P European Data Protection Supervisor (EDPS) v Single Resolution Board (SRB) (Opinion).

On November 25, 2024, the New York State Department of Financial Services (“NYDFS”) announced it settled with two large insurance companies over allegations of inadequate data security practices in violation of New York’s cybersecurity regulation (23 NYCRR Part 500) (the “Cybersecurity Regulation”) that led to the compromise of more than 120,000 New Yorkers’ personal information.

On 9 October 2024 (appropriately, nine days into Cyber Month), the government introduced its long awaited, first ever draft cyber security legislation, in the form of the Cyber Security Bill 2024 (the Bill) to Parliament.

Norton Rose Fulbright Canada invites you to its leading annual technology, privacy, and cybersecurity virtual summit. Learn how to leverage AI for a competitive edge while mitigating its inherent risks.

On 17 October 2024, HM Treasury (HMT) issued a consultation paper (CP) which sets out the government’s approach to regulating buy now pay later (BNPL). This CP builds on HMT’s previous consultations that ran between February 2023 and April 2023.

On October 16, 2024, the New York Department of Financial Services (“NYDFS” or “DFS”) issued guidance raising awareness about combatting cybersecurity risks arising from artificial intelligence (“AI”) used by DFS licensees, such as insurers and virtual currency businesses. Risks revolve around both threat actors’ use of AI offensively and businesses’ increasing AI reliance. The short guidance acknowledges that many AI-related risks exist, focuses on those risks specific to cybersecurity, and highlights some of the NYDFS’s key risks

Please join us at our 12th Annual European Data Protection Conference.

The conference will take place in:

Frankfurt | Monday, September 30, 2024 | 11:00 – 14:30 CEST
Amsterdam | Tuesday, October 1, 2024 | 09:00 – 12:30 CEST
Paris | Wednesday, October 2, 2024 | 09:00 – 12:30 CEST
London | Thursday, October 3, 2024 | 09:00 – 12:30 BST

On 16 July 2024, the Malaysian Dewan Rakyat (House of Representatives of the Malaysian Parliament) passed the Personal Data Protection (Amendment) Bill 2024 (the PDP Bill). The PDP Bill, which had been under review by the Malaysian Government for some years, introduces significant changes to Malaysia’s Personal Data Protection Act 2010 (the Malaysian PDPA), aimed at aligning the Malaysian approach more closely with international data protection regimes.

In July 2023, the US Securities and Exchange Commission (SEC) finalized its rule requiring public companies to disclose material cybersecurity incidents under Item 1.05 of Form 8-K. Though materiality is not a new concept in SEC regulations, in the context of cybersecurity incidents, materiality assessments and disclosure practices are evolving areas with little practical precedent or guidance to draw upon. Fundamentally, an incident is considered material if “there is a substantial likelihood that a reasonable shareholder would consider it important” in making an investment decision.1 This includes assessing all relevant qualitative and quantitative factors, such as reputation, customer and vendor relationships, and competitiveness, in addition to financial and operational impacts, as well as potential litigation and regulatory actions.

The United States Federal Government is turning its attention to privacy and cybersecurity laws, and the result has been several recent legal developments that may have an impact on your business. Keeping up with these developments is not easy, so we’ve created a fun way to test your knowledge of the same.