In response to the ongoing disruption caused by COVID-19, OCIE issued a Risk Alert on Aug. 12, 2020. In the Risk Alert, OCIE makes various observations and recommendations which fall into six different categories: (1) protection of investors’ assets; (2) supervision of personnel; (3) practices relating to fees, expenses, and financial transactions; (4) investment fraud; (5) business continuity; and (6) the protection of investor and other sensitive information ...
OCIE’s most recent Risk Alert, published Sept. 15, 2020, address another cybersecurity issue, this time highlighting the dangers of “credential stuffing.” Credential stuffing is a method of cyberattack that uses compromised client login credentials and can lead to loss of customer assets and the disclosure of confidential or other personal information. Hackers will obtain groups or lists of usernames, email addresses, and their passwords from sellers on the dark web ...
On 25 September 2020 Parliament approved the final draft of the revised Data Protection Act (rev-DPA).(1) The rev-DPA is expected to enter into force in 2022. However, it is subject to a facultative referendum and the corresponding ordinance will be adapted accordingly – thus, the rev-DPA is still a work in progress ...
The coronavirus disease (COVID-19) outbreak continues to put pressure on the public and private sectors alike. As we are entering new phases of the COVID-19 pandemic, we have to switch our focus towards safely and gradually reopening our businesses and economies while continuing to implement prevention measures ...
Introduction On 16 October 2020 the government reinforced the urgent measures to limit the further spread of COVID-19. Teleworking is no longer highly recommended, but has become the standard for all employees whose roles allow for telework. Yet, the new rule is less far-reaching than that in place during the first lockdown in March 2020, as an exception now applies when the continuity of business operations, activities and services does not allow for teleworking ...
It is the time of year for a good scare– but not all a welcome treat! The U.S. Department ofHealth and Human Services(HHS)published a cyber-threat advisory that comes as no great surprise to healthcare providers. As all healthcare providers are focused on continuing to provide excellent care during this COVID-19 pandemic, it is unfortunate that cyber-criminals see this as an opportunity for healthcare targeted ransomware attacks ...
On 25 September 2020 Parliament approved new regulations for Blockchain and Distributed Ledger Technology (DLT).(1) The goal of this new legal framework is to further establish and increase Switzerland's reputation as a leading, innovative and sustainable location for fintech and DLT companies. DLT framework DLT allows shared data management and, in particular, shared accounting among participants that do not know or do not trust each other's identity ...
The Privacy Commissioners of Canada, Alberta and British Columbia issued a joint investigation report, finding that Cadillac Fairview did not obtain adequate consent for the collection of digital images of faces through facial recognition technology (Anonymous Video Analytics) installed in wayfinding directories in some of their Canadian shopping malls ...
We have recently discovered growing interest in implementation of diversity and inclusion (“D&I”) programs by companies operating in Russia. D&I programs imply processing of new categories of employee personal data and new purpose of data processing. For this, Russian Labour laws do not provide for any requirement nor regulation for implementation of D&I programs ...
In this newsletter you will find a selection of the main legal news related to the fintech and digital banking market in Argentina. 3.0 transfers New open and interoperable model for instant payments As we anticipated in previous bulletins, the Central Bank (BCRA) completely updated the system of immediate electronic payments existing until now, taking it to a much more ambitious, interoperable and open model, which aims to interconnect bank accounts and accounts on an equal footing ...
While public attention focused on the federal and state elections, Michigan voters made an important decision—they adopted Proposal 20-2, which amended Michigan’s Constitution to extend its protection from unreasonable searches and seizures to electronic data and communications ...
During recent years, we have been accumulating our experience of advising clients on data protection issues, that companies face when doing their business in Russia. Many of our clients do their business in other CIS countries as well and usually face quite similar issues there. However, the level of regulation and, more importantly, enforcement, in different jurisdictions of the post-Soviet Union territory, varies significantly ...
The HHS Office for the National Coordinator of Health Information Technology issued an interim final rule on October 29, 2020, extending the compliance date for the information blocking rule under the 21st Century Cures Act to April 5, 2021 ...
On 19 October 2020 the Federal Council's Cyber Committee adopted a report on the advancement of the 2018-2022 national strategy for the protection of Switzerland against cyber risks (2018-2022 NCS) and its gradual implementation. The report focuses mainly on the progress made in supporting small and medium-sized enterprises (SMEs) and promoting research and training ...
The Copyright Office of the Department for Promotion of Industry and Internal Trade (DPIIT) has invited comments and suggestions to amend the Copyright Act before November 30, 2020. Mid last year, the DPIIT proposed a set of amendments to the Indian Copyright Rules. While these amendments sought to increase transparency and provide clarity for right holders, many other essential modifications were overlooked ...
What will UK data protection look like after Brexit 2.0 on 31 December 2020? Regime 1: the 'UK GDPR': the UK's new bespoke version together with the Data Protection Act 2018 The UK GDPR will be the UK data protection regime based on the 'EU GDPR' (see below) ...
Buyers’ Default Clause 13 of Saleform 2012 regulates Buyers’ default. The potential Buyers’ defaults are quite restricted to payment defaults. There are no Buyers’ default linked to failure to take over the Vessel (like you often find in shipbuilding contracts) or failure to provide the agreed documents. Nor is it likely that a Buyer will pay for the Vessel but not accept physical delivery ...
On Nov. 3, 2020, California voters approved Proposition 24, marking a significant shift in the U.S. privacy landscape. Proposition 24 enacted the California Privacy Rights Act of 2020 (CPRA),[1] a major expansion of the existing California Consumer Privacy Act (CCPA), which many businesses continue to grapple with since becoming effective in January 2020. Most notably, the CPRA establishes a stand-alone privacy regulator, the first U.S. state to do so ...
The Copyright Office of the Department for Promotion of Industry and Internal Trade (DPIIT) has invited comments and suggestions to amend the Copyright Act before November 30, 2020. Mid last year, the DPIIT proposed a set of amendments to the Indian Copyright Rules. While these amendments sought to increase transparency and provide clarity for right holders, many other essential modifications were overlooked ...
The debt collection restrictions and requirements in the FDCPA, which was enacted in 1977, have failed to keep up with or even contemplate modern technologies. In particular, as methods and forms of communication have evolved, the industry has had little guidance on how it can utilize newer communication channels such as emails, text messages, or social media. In many cases, the industry has had to grapple with different and often conflicting court interpretations ...
Norway has acceded to the Cape Town Convention on International Interests in Mobile Equipment and its Protocol on Matters Specific to Aircraft Equipment (the «CTC»). The CTC has been implemented and given effect under Norwegian law as of 1 April 2011. It is still possible to register security interests over an aircraft with the Norwegian Civil Aircraft Registry («NCAR») ...
The Court of Justice of the European Union delivers judgments regarding the concept of “communication to the public” faster than legal scholars can read and dissect them. While we are eagerly awaiting the Court’s analysis of different types of hyperlinking, it has taken less than two months to follow Advocate General Hogan’s opinion regarding the emailing of evidence containing copyrighted works to a court in legal proceedings ...
The German Federal Commissioner for Data Protection and Freedom of Information (BfDI) sees the decision as a success: On November 11, 2020, the District Court of Bonn reduced the fine imposed on 1&1 Telekom GmbH for a data protection breach from an original EUR 9.55 million to EUR 990,000.00, thereby fundamentally calling into question the fine practices of the German supervisory authorities ...
Hong Kong’s Securities and Futures Commission (SFC) issued a circular last year (the Circular) in recognition of the increasing use of electronic data storage (cloud storage) for record keeping purposes. The Circular was intended to provide licensed corporations with greater flexibility in keeping regulatory records with electronic data service providers (EDSPs), as well as to clarify their general obligations in relation to electronic data ...
