In this episode, Sarah Bruno and LiLing Poh discuss recent trends as organizations invest more in technology through the acquisition of new platforms or programs, or by working with a vendor to bring a product to market. Exploring a case study involving a global pharmaceutical company on the rollout of a health-related digital app,

In Singapore, private sector organisations must generally comply with the transfer limitation obligation in the Personal Data Protection Act (the Act). Any transfer of personal data outside Singapore must be in accordance with the Act’s requirements, to ensure that a comparable standard of protection is accorded to that data.

However, where an organisation is a data intermediary, i.e., it processes personal data on behalf of and for the purposes of another pursuant to a written contract, that intermediary is not subject to the transfer limitation obligation, as specified in section 4(2) of the Act.Continue Reading Guidance given on Singapore cross-border data transfer obligation for intermediaries and cloud providers

This post was written by Kevin Xu and John L. Hines, Jr.

U.S. courts often disregard foreign data privacy laws in the context of discovery. Litigants sometimes find themselves compelled to produce under U.S. law what they are forbidden to produce under the privacy laws of another country. However, a recent U.S. court decision indicates increasing sensitivity to the privacy expectations of persons abroad.

On August 27, 2010, in connection with In re Payment Card Interchange Fee and Merchant Discount Antitrust Litigation, the court ruled that some data collected and processed in the EU would have been unlawful to transfer to the United States under the EU Privacy Directive, and thus, should not be subject to production in U.S. litigation.Continue Reading Federal Court in NY Says EU Documents Containing Personal Information are Off Limits in Class Action Litigation