Below are snapshots of recent global updates courtesy of Nymity Research.
Legislation: Belarus Enacts Personal Data Protection Law
Effective November 13, 2021, consent will be the general legal basis for processing personal and special category data (unless an exception applies), data subjects will have the right to correction, rectification, deletion, access and disclosure of processing activities, and cross-border transfers are permitted where there is adequate protection or another exemption applies (e.g., consent, prior authorization); breaches must be notified within 3 days of discovery, and operators will be subject to damages for violations. Read more here.
Connected Cars: DPA Germany Requires Changes to Autonomous Driving Act
The current wording of the Act presupposes a continuous flow of data about the vehicle owner and occupants to secure against manipulation of the vehicle (instead, the manufacturer should equip the vehicle in a way that makes it tamper-proof from an unauthorized party), and does not specify the location of data storage or the person obliged to store it (the Act should specifically state that data must be stored in the vehicle by the owner only on explicitly specified occasions). Read more here.
Legislation: New York City Requires Biometric Transparency
Effective April 1, 2021, retail stores, food and drink establishments and places of entertainment must provide a clear, conspicuous notice at all entrances, if they collect, retain, convert, store or share customer biometric identifier information, and cannot sell, lease, trade, share for value, or profit from a transaction of the information; individuals can sue to recover damages up to $5,000 for intentional or reckless violations. Read more here.
Legislation: Virginia Proposes Regulations Implementing Insurance Data Security Act
The Bureau of Insurance revised previously proposed regulations following public comments; key requirements include steps for how licensees are to conduct periodic risk assessments (e.g., assess sufficiency of policies and the likelihood of potential damage from threats), implement an information security program (e.g., use encryption and multi-factor authentication), and notify a cybersecurity event to the Insurance Commissioner (within 3 days) and affected consumers (where there is a likelihood of identity theft or other fraud). Read more here.
Stay informed with daily comprehensive regulatory updates using Nymity Research. Minimize the need for time consuming searches for accurate analysis with easy to understand alerts on the latest privacy laws. Start a free trial today.