The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. EU policy and regulatory developments
  • Network and Information Security Directive (NISD): the Council is reported to be meeting today (27 April) to discuss its position further, and the next trilogue is reported to be taking place on Thursday, 30 April.  The Council has publicised two new documents relating to the draft on its website, dated 1 and 17 April.  These are entitled, respectively, State of Play and  “Presidency’s proposal on the way forward”.  Frustratingly, they have not yet uploaded and do not appear to be in circulation in the public domain.  On 24 April, the MLex Service (subscription only) carried a helpful report explaining the latest twists and turns on negotiations over the controversial issue of whether key internet services should be subject to the Directive. According to MLex, two … Continue Reading ››
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP. EU policy and regulatory developments
  • Network and Information Security Directive: Last week the MLex service (subscription required) reported on the EU Commission’s continued effort to include key web services in the list of companies who would, under the proposed NISD, have to notify authorities whenever their systems have been hacked or otherwise compromised. Social networks, search engines, online payment facilitators, e-commerce platforms, cloud-computing services and app stores would be within scope the under the draft originally proposed by the Commission in 2013, along with more conventional critical infrastructure providers.  The extended definition, which could catch approximately 1,400 internet companies based in Europe, continues to be hotly debated by state governments, EU parliamentarians (who have voted to keep web services out of scope)  and industry leaders (with the Internet and IT … Continue Reading ››
Following a short Easter break, the Datonomy blogging team at Olswang LLP is back with the latest round up of legal and regulatory developments and other news on cybersecurity. UK policy and regulatory developments
  • With a pre-election freeze on government policy announcements, let’s look instead at what the major parties are saying about cybersecurity. On 11 April the Lib Dems announced they would introduce a Digital Rights Bill if elected, and launched an online consultation seeking voters’ views on what this should include. The proposed Bill would enshrine individuals’ digital rights in one comprehensive piece of legislation. The eleven “big ideas” are set out in this document and include privacy, data protection, control of user content, consumer rights, freedom of speech, open data and surveillance. Cybersecurity features as part of Big Idea Number 9: Encryption. The manifesto calls for individuals, businesses and public bodies to have the right to use strong encryption, … Continue Reading ››
Last month, Korea passed the world's first cloud-specific law, with the stated aim of driving the adoption of cloud computing in Korea. But what are the practical implications for cloud customers and cloud services providers in Korea? When does it come into force? On 3 March 2015, the Korean National Assembly passed the Act on the Development of Cloud Computing and Protection of Users (Cloud Act).  The bill has been under consideration since October 2013.  The final version of the Cloud Act is available here (currently only available in Korean). The Cloud Act comes into force on 28th September this year.  Before the Cloud Act comes into force, the Ministry of Science, ICT and Future Planning (Ministry) will establish additional rules for cloud services (as explained below). What will it do? The good news for cloud customers and cloud services providers alike is that the Cloud Act aims to promote the cloud market in Korea. The … Continue Reading ››
Olswang has just published the latest edition of the Cyber Alert, a regular round up of regulation, best practice and news from our international cyber breach and crisis management team.  There is a great deal to report since our last update in October 2014.  In February, the Olswang team visited our friends in the US, co-hosting a cyber workshop in Silicon Valley and presenting to the Los Angeles chapter of the IAPP on the latest status of the General Data Protection Regulation.  You can read our December 2014 status update on the draft Regulation, which includes an analysis of data breach notification here. In this edition:
With headlines frequently reporting large-scale cyber attacks, the UK’s cybersecurity measures – and their weaknesses – are under constant scrutiny and criticism. Yet many businesses fail to give sufficient priority to cybersecurity. The City of London Police Commissioner has claimed that businesses will not properly focus on cybersecurity until a cyber attack causes a major global company to cease trading. In the same speech, the Commissioner said that he believed the UK Government is doing “all it can” to address the threat. Defending against the menace of cyber attack cannot be achieved by any government on its own. The private sector and wider public sector will have to take their share of responsibility to help secure the digital resources of the UK. Nevertheless, it certainly helps the cause to have strong leadership from government. In this article we consider whether the UK Government really is doing all it can to promote the … Continue Reading ››
UK standards and benchmarks