My Content
Insights

Israeli Parliament Approves Landmark Biometric Database law

The Knesset (the Israeli Parliament), recently completed the enactment of the controversial biometric database law. The law, originally enacted in 2009, establishes a national database containing biometric data of all Israeli citizens. Its declared purpose is combating large-scale loss and theft of government-issued ID cards and passports used by criminals and terrorists. The original law established an initial pilot period ...

CJEU Restricts Retention of Communication Meta-Data by Telecom Providers

The Court of Justice of the European Union (CJEU) has held that EU law prohibits a general and indiscriminate retention of telecommunication meta-data. The court nevertheless held that EU states can require that telecom providers engage in targeted and limited retention of meta-data solely for the purpose of facilitating the fight against serious crime. 
 
The CJEU’s judgment was based ...

US FDA Issues Guidance on Postmarket Management of Cybersecurity in Medical Devices

The US Food and Drug Administration (FDA) has published guidance informing of the FDA’s recommendations for managing postmarket cybersecurity vulnerabilities for marketed and distributed medical devices. The guidance emphasizes that manufacturers of medical devices should monitor, identify, and address cybersecurity vulnerabilities and exploits as part of their postmarket management. It urges manufacturers to implement comprehensive cybersecurity risk management programs and ...

UK Privacy Regulator Publishes Draft Guidelines on 'consent' under the GDPR

The UK Information Commissioner (the British privacy regulator) has published a draft of proposed guidance on the notion of ‘consent’ under the General Data Protection Regulation (GDPR), set to take effect in May 2018. The draft guidance emphasizes that the GDPR establishes an elevated standard for consent. It requires offering individuals genuine choice and control over the collection and processing ...

New York Updates Proposed Cybersecurity Regulation for Financial Institutions

Following more than 150 public comments to the original proposal for cybersecurity regulation for financial institutions, the New York State Department of Financial Services (NYDFS) has updated its proposed regulation, with what is generally speaking a more lenient approach for covered entities.
 
The updated regulation adopts a risk-based approach that gives covered entities greater flexibility in determining the cybersecurity ...

EU Regulators Issue First GDPR Guidance

The panel of European national privacy regulators, known as the ‘Article 29 Working Party’, has issued its first set of substantive guidance addressing issues under the EU General Data Protection Regulation (GDPR). The GDPR, scheduled to enter into force in May 2018, constitutes a sweeping reform in the areas of data protection and data privacy. The GDPR applies not only ...
More of My Content
Insights