As cyber security continues to make headline news, it is timely that on 7 May 2025 the UK government published a new voluntary Software Security Code of Practice: Software Security Code of Practice – GOV.UK. This Code is designed to be complementary to relevant international approaches and existing standards and where possible reflects internationally … Continue Reading
As artificial intelligence becomes increasingly integrated into business operations, IT contracts covering the provision of AI systems are evolving to include critical safeguards. One emerging concept is the AI circuit breaker, a contractual mechanism that provides for an intervention, or override, where an AI system exhibits undesirable or harmful behavior. When contracting for AI, businesses … Continue Reading
Over the past several months, we have seen an increase in notices from alleged trademark firms. The emails are identical or substantially similar to the following: Hi [recipient], I hope this email finds you in good health. I am writing to you on behalf of the legal department of [Trademark Firm]. We have received an … Continue Reading
We are delighted to announce the launch of the new Squire Patton Boggs Security and Privacy // Bytes Blog. The Blog will feature regular posts from our Data Privacy and Cybersecurity team, highlighting key data privacy and cybersecurity developments across the globe, with analysis of the practical implications. Many posts will be dedicated to helping … Continue Reading
In anticipation of the coming into force of the General Data Protection Regulation (GDPR) exactly a year from today, we are initiating a series of blog posts looking at the practical implications for employers. This post looks at individual employees’ right of access to their personal data and takes the form of a Q&A addressing … Continue Reading
We’re officially at the one year mark before the EU General Data Protection Regulation (“GDPR”) comes into effect on May 25, 2018. In the last month many EU Member States have been busy proposing GDPR implementation bills, and this week the CNIL published a summary of the responses received to its consultation on profiling, consent, certification, and … Continue Reading
Australian businesses have been warned they can no longer keep quiet about cyber security breaches, after the Senate passed laws mandating their disclosure 15 years after they were introduced in the US. The long anticipated Privacy Amendment (Notifiable Data Breaches) Bill 2016 (Bill) was passed in the Australian Parliament on 13 February 2017. The Bill … Continue Reading
In March 2017, the ICO issued an update to its 2014 Report on Big Data in light of the imminent implementation of the GDPR. The updated ICO report has added a focus on artificial intelligence and machine learning to its discussion of big data. The ICO argues it is the combination of the three that … Continue Reading
The European Commission today published its formal proposal for a new regulation on e-Privacy (“ePR”), following publication of a leaked draft in late December 2016. The Commission also issued a communication on “Exchanging and Protecting Personal Data in a Globalised World”, a communication on “Building a European Data Economy” and a proposal for a Data … Continue Reading
In the aftermath of the Court of Justice of the European Union’s (“CJEU”) judgment invalidating Safe Harbor, on 16 December 2016 the European Commission published two decisions, changing its previous decisions on standard contractual clauses (“SCC”) and adequacy decisions on third countries. Arguably, the amendments have been made in order to minimise the risk of … Continue Reading
This week’s alert covers news from the UK and the USA. United Kingdom Investigatory Powers Act Challenged in Court of Justice for the European Union United States New York Department of Financial Services Issues Revised Cybersecurity Regulation Privacy Implications of 21st Century Cures Act Case Under Illinois Biometric Privacy Law Settled For more information on … Continue Reading
On October 7, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) published guidance (“Guidance”) on how cloud services providers (“CSPs”) and covered entities using cloud computing solutions can comply with the privacy, security, and breach notification rules of the Health Insurance Portability and Accountability Act (“HIPAA”). Over the last … Continue Reading
This week’s alert covers news from: UK ICO Issue Record Fine to TalkTalk ICO Commissioner’s First Speech in Office Germany Baden-Württemberg Commissioner Presents Assessments of IoT Products International Company Sues Germany for Remote Signal Monitoring US Yahoo Discloses Data Breach – Questions Follow States Take DHS Up on Offer to Provide Election Cybersecurity Help Annette … Continue Reading
On October 5, 2016, in Nokchan v. Lyft, Inc., the United States District Court for the Northern District of California dismissed Nokchan’s putative class action, finding his claim of privacy violations under the Fair Credit Reporting Act (“FCRA”) failed to meet the requirements of Article III standing established by Spokeo, Inc. v. Robins. This was because … Continue Reading
Data breach prevention and response are again at the forefront of the public consciousness with the recent news of a massive data breach by Yahoo. The call for federal breach notification legislation was revived by the FTC on September 27, 2016, five days after the Yahoo breach was announced. During testimony before the U.S. Senate Committee … Continue Reading
This week’s alert covers news from: UK Brexit Continues to Cast Shadows Over UK Future ICO Fines Two Companies a Total of £100,000 Information Rights Tribunal Reasserts Importance of Communicating Breaches to the ICO Germany Bavarian Data Protection Authority Releases App Inspection Catalogue Federal Ministry of the Interior Considers Extending Data Retention to Messenger Services … Continue Reading
On 17 May 2016, the Council of the European Union formally adopted the Network and Information Security (NIS) Directive at first reading, paving the way for its final adoption and entry into force in August 2016. What is the NIS Directive? The Directive aims to step up the security of network and information systems across … Continue Reading
The U.S. Federal Trade Commission (“FTC”) is the federal agency that is charged with enforcing laws to protect consumers from fraudulent, deceptive, and unfair business practices. Over the past several years, one of the FTC’s focuses has been on companies with allegedly deficient cybersecurity protections. On August 24, the Third Circuit confirmed the FTC’s authority to rule … Continue Reading
This week’s alert covers news from Germany and the UK. Germany DIHT Criticizes Government Draft on the Introduction of Data Retention Hamburg Data Protection Officer: Facebook is Not Allowed to Require Real Name of User Voßhoff Warns Against Fitness Apps by Health Insurers UK Dawson-Damer v Taylor Wessing LLP For more information on any of … Continue Reading
This week’s alert covers news from Germany, Hong Kong and the United Kingdom. Germany Entrepreneur Must Remove Surveillance Camera Capturing Neighboring House Federal Ministry of the Interior Publishes New Model Contracts Containing No Spy Clause Hong Kong Hong Kong’s Privacy Commissioner Updates Guidelines in Relation to the Collection and Use of Biometric Data UK Data … Continue Reading
This week’s alert covers news from the EU and the United Kingdom. EU European Data Protection Supervisor Makes Recommendations for the New General Data Protection Regulation European Court of Human Rights Rules that Privacy Right is More Important than Journalistic Freedom UK A Committee of MPs to Scrutinise “Big Data” Opportunities and Risks … Continue Reading
This week’s alert covers news from the EU, Germany and the United Kingdom. EU US Data Transfer/Safe Harbor Talks Inch Closer to Deal Germany Bundestag Adopts Draft Law on IT Security German Privacy Commissioner Presents Activity Report for 2013 and 2014 Federal Government Provides Draft on WLAN Liability to EU Commission Federal Privacy Authorities Examine … Continue Reading
This week’s alert covers news from Australia, the EU, Russia, UK and the US. Australia Office of the Australian Information Commissioner Releases Guide to Privacy Regulatory Action EU Article 29 Working Party Opinion on the Draft Data Protection Regulation Draft EU Rules Approved Concerning the Passenger Name Record Data of People Flying to or From … Continue Reading
This week’s alert covers news from the EU, France, Germany, the UK and the United Nations. EU Head of EU Data Protection Says Trading Privacy for Security is a “False Fad” EDRi Asks European Commission to Examine Data Retention Laws in the EU France Intelligence Bill Adopted by the French National Assembly French Data Protection … Continue Reading