Archives: Data & Cyber Security

Germany passes new cyber-security law

On 25 July 2015 in Germany, the new IT Security Act entered into force. The law aims to improve IT security in companies and public bodies, especially in the field of critical infrastructure, thus stipulating minimum security standards and reporting obligations for operators and providers of communication systems. The law will affect institutions listed as … Continue Reading

Tech giants caught between EU disagreements on scope of Proposed Network and Information Security Directive

U.S. tech giants, like Google and Facebook, found themselves caught between the European Parliament and the European Commission as disagreements continue as to whether Internet service providers should be included within the definition of ‘market operators’ in the Proposed Directive on Network and Information Security (IP/13/94) (the ‘Directive’). Currently, the EU Commission would like to … Continue Reading

UK offers improved cyber security training to boost procurement profession

On 23 June, the UK government introduced a new online cyber security training course designed to assist the procurement profession to stay safe online. After a recent government survey found that half of the worst breaches were caused by human error, the government aims to increase awareness and help organisations reduce risk. The course, freely … Continue Reading

PCI Council Updates both Card Production Standards and Data Security Standards

The Payment Card Industry Security Standards Council (‘PCI SSC’) has had a busy year thus far updating both its Card Production Security Requirements and its Data Security Standards (‘PCI DSS’). First, on 10 April, the PCI SSC updated its Card Production Requirements (guidance published to help card producers secure the card production process from creation … Continue Reading

Domestic cyber issues no more? International cyber security collaboration continues to grow

A report by PWC on the Global State of Information Security Survey identified that 2014 saw a 48% increase of security incidents over 2013, with the resulting financial loss increasing by an average of 34%. In the United States, President Obama called cyber threats from overseas a ‘national emergency’; and the UK Department of Business … Continue Reading

Into the Future

The oracle of Silicon Valley, Mary Meeker – a partner at Kleiner Perkins – just published her highly anticipated 2015 Internet Trends Report. Meeker’s report is the ultimate compilation of essential technology statistics, and is one of the most widely read and respected insights into the future of the Internet and technology trends. Encompassing everything … Continue Reading

State AGs’ Interest in Privacy and Cybersecurity – No End in Sight – REDUX (or, if you prefer, we told you so…)

Reed Smith has been closely following the interest and activities of State AGs in the areas of privacy and cybersecurity, and recently blogged on a major NAAG (National Association of Attorneys General) conference in April on these topics. That conference, which was sponsored by the Mississippi AG, was meant to educate AGs – most of … Continue Reading

9 Steps to Prepare a Data Breach Debrief for the CEO in 30 Minutes

Following a data breach, it is the responsibility of the general counsel and in-house legal department to quickly assess the situation and immediately provide a coherent and thoughtful initial report to the CEO. The following nine steps should be able to help prepare an effective briefing in about 30 minutes and get through a computer … Continue Reading

Trade Secrets Directive to be published this summer

Passage of the draft Directive on Trade Secrets (the ‘Directive’), proposed in November 2013, looks imminent. We’re expecting that the final Directive will be published this summer, giving each of the 28 EU Member States two years in which to enact national implementing legislation. The new Directive aims to harmonise the differing national laws protecting … Continue Reading

Unlimited fines may now be imposed by UK Magistrates’ Court Data Protection offences

Since the Legal Aid, Sentencing and Punishment of Offenders Act 2012 (Fines on Summary Conviction) Regulations 2015 came into force 12 March 2015, the Magistrates’ Court has had the ability to impose unlimited fines for criminal offences under the Data Protection Act 1998 (‘DPA’). Under s.55 DPA, an individual can be convicted of a criminal … Continue Reading

Virginia Launches First State-Level Information Sharing and Analysis Organization

On April 20, Virginia Gov. Terry McAuliffe announced that the state is establishing the nation’s first state-level Information Sharing and Analysis Organization (“ISAO”), intended to enhance the voluntary sharing of critical cybersecurity threat information in order to confront and prevent potential cyberattacks. In the face of recent high-profile data breaches affecting both private and public … Continue Reading

Data Security and Breach Notification Act of 2015 Advances Despite Strong Criticism

On April 17, advocates in support of a federal data security and breach notification law achieved a victory when the House Energy and Commerce Committee passed a bill supporting national legislation. The proposed Data Security and Notification Act of 2015 (the “Act”) seeks to codify uniform regulations governing consumer personal information throughout the United States. … Continue Reading

Washington Amends its State Data Breach Notification Law

On April 13, the Washington State Senate unanimously passed an amendment to the state’s data breach notification law. The amendment, which was requested by Washington Attorney General Bob Ferguson, and which we discussed in this previous post, passed the state house of representatives in March and is now awaiting the governor’s signature. The law will … Continue Reading

Enforced subject access requests now a criminal offence in the UK

In September 2014 we reported on the UK’s intention to stamp out a practice commonly known as “enforced subject access requests”. This concerned the previously dormant section 56 of the UK Data Protection Act 1998 (‘DPA’), which, following an announcement from the Ministry of Justice, was implemented on March 10, 2015. Under this section, it … Continue Reading

PCI Security Standards Council Announces Revisions to the use of SSL

The Payment Card Industry (PCI) Security Standards Council has released a bulletin on impending revisions to version 3.0 Payment Application Data Security Standards (PA-DSS) and version 3.0 of the PCI Data Security Standard (PCI-DSS), which we reported on in January 2014. To ensure the continued protection of consumers’ payment data, the PCI Security Standards Council … Continue Reading

NGOs may rely on UK’s Journalism Exemption

The UK Information Commissioner’s Office (the “ICO”), in a letter to Global Witness (in Steinmetz and others v Global Witness) (the “Letter”), stated that non-media organisations may rely on the special-purposes exemption for journalism in s32 of the Data Protection Act 1998 (the “DPA”), to withhold personal data in response to Data Subject Access Requests. … Continue Reading

South Korean Communications Commission Releases Guidelines on Data Protection for Big Data

In December 2014, the Korea Communications Commission (KCC) released the “Big Data Guidelines for Data Protection” (Guidelines). Aimed at Information and Communications Service Providers (ICSPs), they are designed to prevent the misuse of “publicly available information” to create and exploit new information. The Guidelines expressly permit ICSPs to collect and use “publicly available information”, within certain … Continue Reading

China’s State Administration for Industry and Commerce Releases Measures Defining Consumer Personal Information

In January, China’s State Administration for Industry and Commerce (SAIC) released its ‘Measures on Penalties for Infringing Upon the Rights and Interests of Consumers’ (Measures) which are due to take effect March 15, 2015. These Measures flesh out China’s Consumer Rights Protection Law (CRPL) which was amended in March 2014 and provides guidance as to … Continue Reading

EU Art. 29 Working Party Letter on Health Data and Apps

The EU Article 29 Working Party (“WP29”) has published a letter to the European Commission (“EC”) on the scope of health data in relation to lifestyle and well-being apps, following the EC’s Working Document on mHealth and the outcome of its public consultation, which generated interest in strong privacy and security tools, and strengthened enforcement … Continue Reading

Google signs UK Undertaking to Improve its Privacy Policy

On 30 January 2015, Google signed an Undertaking with the Information Commissioner’s Office (ICO) to improve and amend the Privacy Policy it adopted 1 March 2012. Among other things, the modifications to the Privacy Policy allowed Google to combine personal data across all services and products. For example, personal data collected through YouTube could now … Continue Reading

New Data Protection Laws in Africa

In recent years, the number of African countries which have enacted privacy frameworks or are planning data protection laws has vastly increased. Currently, 14 African countries have privacy framework laws and some sort of data protection authorities in place. Once the African Union Convention on Cyber Security and Personal Data Protection (Convention) is ratified across … Continue Reading