An international cybersecurity advisory panel formed by the Monetary Authority of Singapore (MAS) has recommended that all financial institutions in Singapore ensure that data stored on the public cloud is kept secure, and that they perform cybersecurity risk assessments on their third-party providers. These proposals were raised at the panel’s second annual meeting, after its … Continue Reading
Earlier this month, the UK Department of Health and Social Care published an initial Code of Conduct for data-driven health and care technology. The code builds on the Department for Digital, Culture, Media and Sport’s Data Ethics Framework. The code encourages the United Kingdom’s health and care system to form partnerships with suppliers of data-driven … Continue Reading
A recent study conducted by researchers at the University of Piraeus, published in the Institute of Electrical and Electronics Engineers’ Access journal (29 January 2018), has indicated that many popular health apps have significant privacy and cybersecurity failings; many of them do not follow standard practices nor will they comply with the upcoming General Data … Continue Reading
The EU Commission continues to show its support and investment in new technologies in the digital economy. On February 1, 2018, the Commission and the European Parliament launched the EU Blockchain Observatory and Forum, and earlier this month, the Commission also unveiled its FinTech Action Plan. The Blockchain Observatory The observatory is designed to be … Continue Reading
On June 21, 2016, the FAA issued its long-awaited regulations governing “Small Unmanned Aircraft,” or drone operation. The regulations allow the use of drones weighing less than 55 pounds, traveling less than 100 mph groundspeed, and up to 400 feet above the ground, for a wide variety of purposes during daylight hours. The regulations allow … Continue Reading
In a sign of the continuing significance of the U.S. Supreme Court’s recent ruling in Spokeo v. Robins, 136 S. Ct. 1540 (May 24, 2016), another federal court has cited that ruling in dismissing claims for lack of Article III standing. In Gubula v. Time Warner Cable, Inc., No. 15-cv-1078 (E.D. Wis. June 17, 2016), … Continue Reading
Responding to the increasingly significant threats to customer payment information, the Payment Card Industry Security Standards Council (‘PCI SSC’) has published an update to its data security standard (‘PCI DSS’). Version 3.2 seeks to protect cardholder data by introducing:… Continue Reading
Ever since the Target and Home Depot breaches were traced to intrusions at their vendors, the management of cybersecurity at third-party vendors has been a focus of companies and regulators. The FTC has flagged the issue, as has the SEC. The DoD has imposed strict cybersecurity requirements for contractors that “flow down” to sub-contractors. But despite an … Continue Reading
It is commonplace to turn on the television news and hear of a new data breach from a large retailer or someone else. No one wants the legal problems (not to mention the embarrassment and the hit to reputation) from having their systems breached. Consequently, data security is on everyone’s mind. However, many companies have multiple large … Continue Reading
Your business may license many different types of software and technology in the ordinary course. These licenses range from software installed on your internal network to use-rights in software-as-a-services (SaaS) models, where the programs reside on the vendor’s host systems and are accessed via the Internet (or in some other manner). In each case, you are … Continue Reading
Many organizations in different markets and industries are outsourcing parts (or all) of their IT functions (including support, development, help desk, data storage and others). Why are they outsourcing? What are the potential benefits of outsourcing? Helps the company bottom line – saves money. Many companies find lots of savings in outsourcing. The savings may be … Continue Reading
On 23 June, the UK government introduced a new online cyber security training course designed to assist the procurement profession to stay safe online. After a recent government survey found that half of the worst breaches were caused by human error, the government aims to increase awareness and help organisations reduce risk. The course, freely … Continue Reading
In December 2012, the Spanish Data Protection Authority (SPDA) published a new set of Model Clauses prepared purely for use by service providers that subcontract to companies located in countries outside the EEA. These new Model Clauses (based on the 2010 controller-to-processor clauses) will allow for an international transfer of personal data between a data … Continue Reading
