An international cybersecurity advisory panel formed by the Monetary Authority of Singapore (MAS) has recommended that all financial institutions in Singapore ensure that data stored on the public cloud is kept secure, and that they perform cybersecurity risk assessments on their third-party providers.

These proposals were raised at the panel’s second annual meeting, after its members had met with representatives from the Standing Committee on Cyber Security from the Association of Banks in Singapore, Life Insurance Association Singapore and General Insurance Association of Singapore.

The panel also noted that there had been an increase in use by financial institutions of application programming interfaces (APIs) to build software and applications. As use of such APIs could pose a greater risk of cyber threats, the panel suggested specific ways in which the institutions should combat such risk; for instance:

  • conducting “red-teaming” cyberattack simulations
  • securing network connections with any third party providers
  • monitoring for any suspicious cyber activity.


Continue Reading Monetary Authority of Singapore panel urges financial institutions to adopt cybersecurity measures

Earlier this month, the UK Department of Health and Social Care published an initial Code of Conduct for data-driven health and care technology. The code builds on the Department for Digital, Culture, Media and Sport’s Data Ethics Framework.

The code encourages the United Kingdom’s health and care system to form partnerships with suppliers of data-driven technologies, in order to deliver improved health care and position the United Kingdom as a “great place to do business on technology”.

Four key group stakeholders are identified by the code: patients and citizens, health and care professionals, commissioners, and innovators. The code aims to meet the “most important need” for each of these groups, which consist of those experiencing improved care, those delivering better care, those providing services that better meet users’ needs, and those working to make the United Kingdom become a centre for innovation.

Continue Reading UK Code of Conduct for data-driven health and care technology

A recent study conducted by researchers at the University of Piraeus, published in the Institute of Electrical and Electronics Engineers’ Access journal (29 January 2018), has indicated that many popular health apps have significant privacy and cybersecurity failings; many of them do not follow standard practices nor will they comply with the upcoming General Data Protection Regulation (GDPR). This means that a large number of mobile health apps are jeopardizing the privacy of millions of users.

Mobile health apps

In the last few years there has been a substantial growth in mobile health apps and the ‘connected health’ model, which aims to achieve flexible, effective and affordable healthcare services by using connected technology that offers better records management, information access and increased diagnostic capabilities. This is also known as ‘smart health’. Many healthcare professionals are shifting to mobile apps for easier communication with their patients, increased productivity and improved health management capabilities.

Continue Reading Study identifies cybersecurity and privacy shortcomings in health apps

The EU Commission continues to show its support and investment in new technologies in the digital economy. On February 1, 2018, the Commission and the European Parliament launched the EU Blockchain Observatory and Forum, and earlier this month, the Commission also unveiled its FinTech Action Plan.

The Blockchain Observatory

The observatory is designed to be a comprehensive repository of blockchain expertise and a source of innovation and development. It brings together policymakers, technology experts, regulators, businesses and users with the goal of building on new opportunities offered by the blockchain technology. The initiative forms part of the drive towards the digital single market, a Commission strategy to boost e-commerce, modernize regulations and promote the digital economy. The observatory also aims to support the interoperability of blockchain, which is the ability of computer systems and software to exchange and utilize information without restrictions. It also seeks to address the varied challenges in the blockchain ecosystem – such as trust, compliance, security, traceability by design, among other issues.

The EU Commission has also called for a feasibility study on the opportunity of an EU blockchain infrastructure, with tenders closed in January. The study will research the opportunity, benefits and challenges of an enabling framework supporting blockchain-based services, and whether EU services could run on such an infrastructure.

Continue Reading European Commission outlines blockchain development plans, calls for a feasibility study and unveils FinTech Action Plan.

On June 21, 2016, the FAA issued its long-awaited regulations governing “Small Unmanned Aircraft,” or drone operation.  The regulations allow the use of drones weighing less than 55 pounds, traveling less than 100 mph groundspeed, and up to 400 feet above the ground, for a wide variety of purposes during daylight hours.  The regulations allow

In a sign of the continuing significance of the U.S. Supreme Court’s recent ruling in Spokeo v. Robins, 136 S. Ct. 1540 (May 24, 2016), another federal court has cited that ruling in dismissing claims for lack of Article III standing. In Gubula v. Time Warner Cable, Inc., No. 15-cv-1078 (E.D. Wis. June

Responding to the increasingly significant threats to customer payment information, the Payment Card Industry Security Standards Council (‘PCI SSC’) has published an update to its data security standard (‘PCI DSS’). Version 3.2 seeks to protect cardholder data by introducing:
Continue Reading PCI Council Reacts Again to Data Security Threats

Ever since the Target and Home Depot breaches were traced to intrusions at their vendors, the management of cybersecurity at third-party vendors has been a focus of companies and regulators. The FTC has flagged the issue, as has the SEC. The DoD has imposed strict cybersecurity requirements for contractors that “flow down” to sub-contractors.

But despite an increasing focus on the full lifecycle of third-party risk management, vendor incidents continue to represent a high percentage of reported data breaches. According to a March 2016 Ponemon Institute report, 49 percent of survey respondents indicated that their organization experienced a data breach caused by a vendor.
Continue Reading Are You Prepared for Your Vendor’s Data Breach?

It is commonplace to turn on the television news and hear of a new data breach from a large retailer or someone else. No one wants the legal problems (not to mention the embarrassment and the hit to reputation) from having their systems breached. Consequently, data security is on everyone’s mind.

However, many companies have

Your business may license many different types of software and technology in the ordinary course. These licenses range from software installed on your internal network to use-rights in software-as-a-services (SaaS) models, where the programs reside on the vendor’s host systems and are accessed via the Internet (or in some other manner).

In each case, you are granted use-rights that define how the licensed materials can be used (for example, there may be a limit on the type of business for which the materials can be used), where they can be used (i.e., a territory or facility restriction), and who can use them.

Ensuring that the technology can be used by the appropriate people is one of the most overlooked items in a technology license.
Continue Reading Don’t Forget About Your Affiliates and Customers as Technology License End Users