The Personal Data Protection (Amendment) Bill 2024 (“PDPB”) was at last passed by the Malaysian Parliament at the end of July. After Royal Assent and publishing, it will become law (on a date to be determined by the Minister of Digital to be specified in the Gazette). The PDPB introduced several changes intended to better align Malaysia’s 2010 Personal Data Protection Act with global standards.Continue Reading Malaysian Parliament Passes Personal Data Protection (Amendment) Bill 2024
data privacy
Illinois Legislative Update: BIPA Reform Bill Reducing Damages Approved by Illinois House, Awaiting Governor’s Signature
This blog post was cross-posted from Seyfarth’s Consumer Class Defense site.
In a significant legislative development, the Illinois House of Representatives has overwhelmingly approved Senate Bill 2979, with a vote of 81 to 30, which amends the Illinois Biometric Information Privacy Act (BIPA) to limit damages to one violation per individual, rather than…
Upcoming Webinar! Data Protection and Cybersecurity: Safeguarding Trade Secrets in the Digital Age
In today’s ever-evolving and interconnected world, trade secret protection demands proactive measures against both technological vulnerabilities and human threats. Join us for the fourth installment of our 2024 Trade Secrets Webinar Series, where our panel of seasoned trade secrets and cybersecurity attorneys will equip you with practical strategies to bolster your defenses.
Continue Reading Upcoming Webinar! Data Protection and Cybersecurity: Safeguarding Trade Secrets in the Digital Age
Surprising Plot Twist: The European Data Protection Supervisor Reprimands the European Union for its use of Microsoft 365
The European Union (EU)’s government organizations are just like any another entity trying to function in a world where global companies and even government entities are reliant on digital platforms for messaging and collaboration. For years, there has been debate about how platforms like Microsoft 365, formerly Office 365, could be deployed in a way that complies with the GDPR processing and transfer restrictions. And it turns out that even the European Commission (EC) itself can apparently get it wrong. In a surprising turn of events earlier this month, the European Data Protection Supervisor (EDPS) concluded its nearly three year investigation into the Commission’s own deployment and use of Microsoft 365, signaling a pivotal moment in the conversation about the GDPR privacy and security requirements for cloud-based messaging and document collaboration platforms.Continue Reading Surprising Plot Twist: The European Data Protection Supervisor Reprimands the European Union for its use of Microsoft 365
Wellness Apps and Privacy
Employers looking to enhance their suite of employee benefit programs, and focused on lessons learned during the pandemic on wellbeing, are interested in providing greater access to wellness tools. And, the vendors who support those tools are more than happy to provide them. Global spend in the health and wellness market would be around $24.8 billion in 2023 according to a study by Kilo Health. Wellness apps and wearables abound in all sorts of areas — from counting steps to nutrition to mental health to physical fitness to financial fitness. These tools are relatively inexpensive to provide and easily accessible to the workforce – many times with just a simple download to a smartphone. And, best of all they’re completely private with no middle man, and only the employee seeing their own data and progress. Right? Well — not so fast.Continue Reading Wellness Apps and Privacy
How to Comply with and Unpack the Wide Reach of Washington’s My Health My Data Act (Webinar Recording)
On October 5, 2023, Seyfarth offered a Masterclass, hosted by Lexology, which was designed to familiarize in-house counsel and privacy professionals, in and out of Washington state, with the My Health My Data Act legislation. Portions of the Act are already in effect and go into further effect on March 31, 2024.
We explored its…
Upcoming Webinar! How to Comply with and Unpack the Wide Reach of Washington’s My Health My Data Act
Thursday, October 5, 2023
1:00 p.m. – 2:00 p.m. ET
12:00 p.m. – 1:00 p.m. CT
11:00 a.m. – 12:00 p.m. MT
10:00 a.m. – 11:00 a.m. PT
About the Program
Seyfarth is pleased to offer this Masterclass, hosted by Lexology, which is designed to familiarize in-house counsel and privacy professionals, in and…
SEC Publishes Public Company Cybersecurity Disclosure Final Rule
This blog post is co-authored by Seyfarth Shaw and The Chertoff Group and has been cross-posted with permission.
What Happened
On July 26, the U.S. Securities & Exchange Commission (SEC) adopted its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure final rule on a 3-2 vote. The final rule is a modified version of the SEC’s earlier Notice of Proposed Rulemaking (NPRM) released in March 2022. The final rule formalizes and expands on existing interpretive guidance requiring disclosure of “material” cybersecurity incidents.Continue Reading SEC Publishes Public Company Cybersecurity Disclosure Final Rule
Multiple Cyber Incidents Impact Employee Benefit Plans and Participants
By this point, most people in the employee benefits space have heard about the MOVEit and Retirement Clearing House (RCH) cyber incidents, which could directly impact employers’ benefit plans. The MOVEit file transfer application is used by a number of vendors, including those that locate missing plan participants or find information regarding deceased plan participants (e.g., PBI Research Services). RCH is often used by retirement plans to facilitate benefit transfers, including for IRA rollovers. Other plan vendors/subcontractors may also use the MOVEit software application or subcontract with RCH for their plan services. Actual and potential victims have included state and federal government agencies as well as companies across a variety of industries (and their benefit plans) who were using MOVEit or RCH, or who engaged with service providers who used these tools.Continue Reading Multiple Cyber Incidents Impact Employee Benefit Plans and Participants
Federal Court Rejects Application of BIPA Statute of Limitations to Privacy Act Violations
Seyfarth Synopsis: The U.S. District Court for the Northern District of Illinois recently denied Plaintiff’s motion to reconsider a prior dismissal of his privacy action due to untimeliness. In a case titled Bonilla, et al. v. Ancestry.com Operations Inc., et al., No. 20-cv-7390 (N.D. Ill.), Plaintiff alleged that consumer DNA network Ancestry DNA violated the Illinois Right of Publicity Act (“IRPA”) when it uploaded his high school yearbook photo to its website. The Court initially granted Ancestry’s motion for summary judgment, finding Plaintiff’s claims to be time-barred under the applicable one-year limitations period. Upon reconsideration, Plaintiff – unsuccessfully – made a first-of-its-kind argument that the Court should apply the Illinois Biometric Privacy Act’s five-year statute of limitations to the IRPA.Continue Reading Federal Court Rejects Application of BIPA Statute of Limitations to Privacy Act Violations