Category

Enforcement

01 August 2017

CJEU Rules on EU-Canadian Passenger Name Record Agreement; Data Retention Possible; Detailed Court Scrutiny to Ensure Proportionality

On 26 July 2017, the Court of Justice of the EU (“Court”) issued its Opinion on the proposed EU-Canada Agreement on the transfer and processing of Passenger Name Record data (“PNR Data”).  The opinion, issued by the Court’s Grand Chamber, confirms that the Court accepts the necessity of processing large amounts of personal data to protect against terrorism in general.  However, in order to ensure compliance with the EU Charter of Fundamental Rights (“the Charter”), the Court will scrutinize the details of any EU legislative act to ensure that no data are retained or accessed without a clear link to the underlying justification of combating terrorism. (more…)

SHARE
EmailPrintShare
21 July 2017

The Belgian Data Protection Authority Publishes Guidance on Records of Processing Activities Under the GDPR

The Belgian Commission for the Protection of Privacy (“Privacy Commission”) has recently published guidance on Article 30 of the GDPR which contains the obligation for data controllers and processors to record their processing activities.

This record will have to be up-to-date by 25 May 2018 and readily made available to the regulator should it ask to view it. (more…)

SHARE
EmailPrintShare
14 July 2017

Federal Agencies Focus on Risks, Guidance for Internet of Things

Businesses and consumers are increasingly using Internet of Things (“IoT”) devices to communicate and process quantities and types of information that have never before been captured.  In response, more federal agencies are turning their attention to the potential risks, and developing guidance for the deployment of IoT technologies.  The latest to weigh in on risks include the Governmental Accountability Office and the Department of Commerce. (more…)

SHARE
EmailPrintShare
07 July 2017

BBC Publishes Article Describing GDPR Panic Among Businesses

Today the BBC published a news article on the panic many businesses are now in over the imminent implementation of the GDPR in May 2018.

According to the BBC article, some research indicates just 29% of UK businesses have begun to prepare for the GDPR. Another forecast was that European financial institutions could face fines of nearly €5 billion in the first 3 years following the GDPR’s coming into force. (more…)

SHARE
EmailPrintShare
26 June 2017

NYDFS Issues FAQs for Recently Issued Cybersecurity Regulations

On June 20, 2017, the New York State Department of Financial Services (“NYDFS”) expanded its set of frequently asked questions (“FAQs”) and answers concerning its recently finalized Cybersecurity Regulations (23 NYCRR 500.01), which set forth minimum requirements for NYDFS-regulated entities to address cybersecurity risk.  The now 17 questions included in the release address the types of entities that fall within the scope of the Regulations, the notice requirements attending a Cybersecurity Event (as defined in the Regulations), the annual certification requirement, and additional specific elements of the rules. (more…)

SHARE
EmailPrintShare
15 June 2017

CFTC Approves Amendments to Recordkeeping Rules

On May 23, 2017, the Commodity Futures Trading Commission (CFTC) unanimously approved proposed amendments to the recordkeeping obligations set forth in CFTC Regulation 1.31 (Recordkeeping Rule) which is applicable to all CFTC registered entities and other persons required to maintain records under the Commodity Exchange Act (CEA). The final amendments are intended to modernize the Recordkeeping Rule by making the form and manner in which regulatory records must be kept technology-neutral. The amendments provide recordkeepers with greater flexibility regarding the retention and production of CFTC regulatory records. The CFTC indicated that it does not believe the amendments impose any new recordkeeping requirements on any recordkeeper, and existing recordkeeping methods remain valid for compliance with the amended Recordkeeping Rule should a recordkeeper choose not to take advantage of the less-prescriptive, principles based approach of the amended Recordkeeping Rule. The final amendments also reorganized the Recordkeeping Rule for ease of understanding, including by adopting new definitions. The amendments represent a long-awaited and generally positive modernization of important CFTC rules that have often frustrated market participants. The effective date for the amended Recordkeeping Rule is August 28, 2017. (more…)

SHARE
EmailPrintShare
01 June 2017

English High Court Limits Scope of Privilege for Documents Generated During the Course of Internal Investigations

The English High Court recently handed down a judgment which limits the circumstances in which companies will be able to assert legal professional privilege in documents created as part of an internal investigation into potential criminal activity. The Court ruled that a claim for litigation privilege in the context of a criminal investigation will only be valid where, at the time that the relevant documents were created, the prospective defendant has sufficient knowledge about the matter to believe that there is a realistic prospect that a prosecutor will have enough material to proceed with a prosecution. The belief that a prosecutor will commence an investigation into a company is not sufficient to establish a claim for litigation privilege. The judge’s narrow interpretation of legal advice privilege also means that notes of interviews with employees will generally not attract privilege unless they provide “clues” as to aspects of legal advice given to the company. (more…)

SHARE
EmailPrintShare
30 May 2017

Money Laundering Regulations 2017: Preparing for the UK’s New Customer Due Diligence Regime

The UK is expected to introduce its updated customer due diligence regime with effect from June 26 or shortly thereafter. The changes are wide-ranging and will affect virtually all financial services firms doing business in the UK.

The Government has published a near-final draft of the new legislation. To the extent they’ve not already started, affected firms should be planning for the changes that will be required to their existing policies, procedures and systems.

In this post, we highlight the key issues for financial services firms, and propose a series of action points that they may wish to consider over the next month as they move to implement the new requirements. (more…)

SHARE
EmailPrintShare
30 March 2017

Italian DPA Imposes Largest Ever Fine Imposed by a European Data Protection Authority: UK Payments Company Found to Have Breached Consent and Other Rules

On February 2, the Italian Data Protection Authority, known as the “Garante,” imposed a fine of EUR 5,880,000 on a UK money transfer company that it found to be in violation of Italian data privacy rules. This is the largest ever publicly-known fine imposed by an EU data protection authority, and it approaches the level of fines that are likely to be imposed under the EU’s General Data Protection Regulation (“GDPR”) that will come into force in May 2018. Although the GDPR is not yet in force, the Garante’s enforcement action shows that European data protection authorities are willing to levy the kind of fines allowed by the GDPR.

(more…)

SHARE
EmailPrintShare
17 March 2017

NAIC creates new Innovation and Technology (EX) Task Force

The National Association of Insurance Commissioners (NAIC) has created a new task force to monitor technology, data collection and Cybersecurity developments in the insurance industry.  The Innovation and Technology (EX) Task Force (IT Task Force) was formed on March 9, 2017 and reports directly to the NAIC’s Executive Committee.  The  IT Task Force will appoint and oversee the work of the following NAIC groups:  the Big Data Working Group, the Cybersecurity Working Group and the Speed-to-Market Working Group.  According to the NAIC’s March 9, 2017 press release, the IT Task Force’s purpose is to help insurance regulators stay informed about technology-related developments, products and services in the insurance industry, including start-up companies, and to ensure they meet consumer expectations and ensure consumer protections.  The press release notes that annual investment in insurance technology (InsurTech) has increased to more than $2.5 Billion and continues to grow.

(more…)

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator