With recent reports of ever more daring cyber-attacks on the banking system, and claims that cyber criminals are exploiting weaknesses in the supply chain to hack major corporations, Datonomy looks at the current EU proposals on reporting security incidents which are aimed at tackling the problem – and the concerns and flaws identified by industry and by legislators.

What’s new? Some recent developments on the NISD

Datonomy readers will be familiar with the proposal for a new EU Directive on Network and Information Security (NISD) unveiled by the Commission in February, and set for its first reading in the European Parliament in early 2014. The aim of the new measures is to boost security by imposing new standards, and auditing and reporting requirements on market operators – including key infrastructure providers (e.g. energy companies) and, more controversially, ecommerce platforms and social networks. Our earlier summary of those proposals can be found …
Datonomy considers the German authorities’ reaction to the PRISM affair, and the wider practical consequences this could have for international transfers being made under the auspices of U.S. Safe Harbor and model contracts.

After the reports about extensive surveillance activities by foreign and European intelligence services, especially by the American National Security Agency (NSA) and the UK Government Communications Headquarters (GCHQ), and possible transfers of personal data to them by American companies, European data protection authorities are raising their voices. In a letter dated 13 August 2013, the chairman of the Article 29 Working Party expressed his deep concern to the Vice-President of the European Commission, Viviane Reding, urging her to seek more clarification from the U.S., and announced the intention of the European data protection authorities to conduct their own investigations into the compliance of foreign and European intelligence programmes with EU data protection principles. Concrete actions have …
On 3 September, the new EU Directive 2013/40 on attacks against information systems came into force, requiring Member States to beef up national cybercrime laws and sentencing. The Directive updates and replaces the previous Framework Decision in this area and introduces new measures, including criminal offences for attacks using malicious software and increased sentencing of up to 5 years’ imprisonment for the most serious offences. The new measures are illustrative of the EU’s increasingly aggressive stance in tackling cyber-crime – but how different is the new legislation from that already in force? Datonomy explores.

Why the new Directive?

Last week, on 3 September, the new EU Directive 2013/40 on attacks against information systems came into force. The Directive was proposed in 2010 as a replacement for the previous Framework Decision 2005/222/JHA, which criminalised various activities in relation to attacks on information systems, including illegal access to information systems and illegal interference with systems …
Aberdeen City Council (“ACC”) has been fined £100,000 by the Information Commissioner’s Office (the “ICO”) for failing to implement an adequate home working policy, after one of its employees posted sensitive information online whilst working from home.

There has been a rash of fines for security breaches imposed on public sector data controllers. Datonomy was particularly interested in this fine because of the wider implications for the private sector. Home working, remote working and “bring your own device” security are currently in the regulatory spotlight, and in the notice announcing the fine the ICO has reiterated the importance of organisations ensuring that personal data is fully secure when accessed remotely. It is time to revisit your BYOD and remote working policies and procedures if you haven’t already done so.

In November 2011, an ACC employee unintentionally uploaded 39 pages of highly personal and confidential information relating to her job (caring …