Information Governance

With the festive season now firmly upon us, there are indications that European Union institutions could soon be delivering an early Christmas present to businesses: the conclusion of trilogue negotiations on the General Data Protection Regulation (‘GDPR’).

The GDPR, according to the latest document to come out of Brussels, aims to “reinforce data protection rights of individuals, facilitate the free flow of personal data in the digital single market and reduce administrative burden.” The EU Commission, Parliament and Council are currently locked in closed-door negotiations to agree to the final text of the GDPR, and while some uncertainty remains over the exact provisions that will be included, the latest available text from the European Presidency indicates that the key changes will be that:

U.S. tech giants, like Google and Facebook, found themselves caught between the European Parliament and the European Commission as disagreements continue as to whether Internet service providers should be included within the definition of ‘market operators’ in the Proposed Directive on Network and Information Security (IP/13/94) (the ‘Directive’). Currently, the EU Commission would like to see both search engines and social networks included, whereas the European Parliament prefers a common European framework focusing on critical infrastructure only, such as financial services and power stations.

The EU Parliamentary view is that broadening the scope of the Directive risks undermining the aim of the law, which is to protect key or critical services, whereas including ISPs, and as a consequence some U.S. tech giants, would require the tech giants to report global cyber attacks to each of 28 member states’ respective regulators. Opponents of ISP inclusion argue that ISPs are already highly regulated, that many of the requirements contained in the proposed Directive are already provided for by commercial contracts and service level agreements, and that the introduction of additional legislation would create added complexity and have a negative impact on innovation within the tech industry.

The Payment Card Industry Security Standards Council (‘PCI SSC’) has had a busy year thus far updating both its Card Production Security Requirements and its Data Security Standards (‘PCI DSS’).

First, on 10 April, the PCI SSC updated its Card Production Requirements (guidance published to help card producers secure the card production process from creation through to delivery). The requirements themselves are divided into two parts: Card Production Logical Security Requirements and Card Production Physical Security Requirements. The logical requirements apply to the personalisation of cards or the manipulation of card data, whereas the physical requirements deal with processes like the storage and mailing of cards. The update changes or adds requirements across a variety of issues, from card storage embossing to emergency exits; but although the PCI SSC maintain the standards, the emphasis is firmly upon payment companies themselves to manage assessments against these PCI requirements.

At a standing-room-only meeting on the evening of June 21, 2015 – at the ICANN 53 global meeting in Buenos Aires – Assistant Secretary Larry Strickling, administrator of the National Telecommunications and Information Administration (“NTIA”), gave his comments on the current timeline for the transition of the IANA (i.e., technical) functions of ICANN. The bottom line is that transition will probably happen sometime in spring 2016 under the best-case scenario.

By way of background, before transition (also called “stewardship”), a number of milestones need to be achieved. The Cross-Community Working Group on Stewardship – Naming (“CWG”) needed to complete its report and have it approved, which was done on June 24. The report forms part of the larger IANA Stewardship Transition Coordination Group (“ICG”) process. It was made clear at the other meetings here that the CWG report (part of the ICG effort) will be contingent on certain criteria being established in the parallel work of the Cross-Constituency Working Group on Accountability (“CCWG”), which has two major workstreams – one relating to the transition (stewardship) and one on more general issues. The CCWG intends to hold a face-to-face meeting in Paris in July and hopes to have its work on transition accountability completed by the ICANN 54 meeting in Dublin in October 2015. When the ICG and the CCWG have completed their reports, NTIA will need to review the completed unified proposal which, by the current timeline, could not happen before the Dublin meeting.

A report by PWC on the Global State of Information Security Survey identified that 2014 saw a 48% increase of security incidents over 2013, with the resulting financial loss increasing by an average of 34%. In the United States, President Obama called cyber threats from overseas a ‘national emergency’; and the UK Department of Business

The Information Society Code (2014/917) (Code) – a new act in Finland on electronic communications, privacy, data security, communications, and the information society in general – took effect 1 January.

This sees a consolidation of 10 existing acts into one, which had included Finland’s Communications Market Act; Act on the Protection of Privacy in Electronic

On Thursday, February 7, 2013 (1 p.m. EST), Reed Smith attorney Mark Melodia will serve as a guest speaker for a webcast on “Big Data Converging with Legal, Information Governance and Regulatory Requirements.” The webcast will be hosted by Exterro, Inc., an e-discovery software solutions provider.

Leading companies in nearly all industries are gathering unprecedented

This post was also written by Rosanne Kay.

Reed Smith hosted a seminar in its London office to discuss issues companies face arising from poor Records Management, Data Protection, E-Disclosure and the Proposed EU General Data Protection Regulation. Speakers included the UK Information Commissioner’s Office Head of Strategic Liaison, Jonathan Bamford, and Reed Smith