Datonomy will be taking a short break over the upcoming UK bank holiday, so here is this week's round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP, a little sooner than usual.
UK policy and regulatory developments
  • CERT-UK has published its first annual report detailing the major pieces of malware that have operated in the UK over the last year (spread by criminal groups and nation states), a sector breakdown, a review of the Cyber Europe 2014 programme and the Cyber Security Information Sharing Partnership (CiSP), in addition to six predictions for 2015/2016, that include:
    • The supply chain will be hit hard (following supply chain weaknesses exploited in the attacks on US companies JP Morgan, Target and Home Depot, the threat is expected to cross the Atlantic this year);
    • Mobile devices will be a single point of failure for business and …
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
UK policy and regulatory developments
  • The Department for Business, Innovation and Skills has announced the addition of two more participating companies to the cybersecurity supplier to government scheme.  The NCC Group and Perspective Risk Ltd can now advertise themselves as companies supplying a cybersecurity product to the UK government and use the government’s logo in marketing materials in order to increase the UK’s cybersecurity exports.
EU policy and regulatory developments
  • Network and Information Security Directive (NISD): There is a frustrating dearth of information in the public domain about the latest progress on the NISD. The EU Council’s Consilium website page on the Directive has been updated with the following report: A third trilogue meeting took place on 30 April 2015. Although progress was made during the trilogue, important differences remain between the …
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
UK policy and regulatory developments
  • Election special: It will be interesting to see what the new Conservative Government means for cybersecurity. The Conservative manifesto pledged to continue investment in cyber defence capabilities and improve response to cyber crime with reforms to police training (including the use of volunteer “Cyber Specials”). Datonomy will be looking out for new policy announcements - the state opening of Parliament and the Queen’s Speech will be on 27 May. In terms of ministerial appointments which may have a bearing on cyber policy, these include: Matt Hancock, who has replaced Francis Maude as Minister for the Cabinet Office, Oliver Letwin who is in overall charge of the Cabinet Office and Sajid Javid, the new Secretary of State for Business, Innovation and Skills.
  • On 7 May the …
Singapore's Personal Data Protection Commission (PDPC) has been busy.  It has just published a number of new resources to help businesses comply with the Personal Data Protection Act.  Here are the three we have identified as having the biggest practical application for companies in Singapore:
  1. Sample clauses and guidance for marketing consents.  For companies collecting data for marketing purposes, these standard clauses will help.  They cover a broad range of scenarios, including consent in the context of membership applications and lucky draws, and language for the withdrawal of consent.  The PDPC has also published some guidance to support the sample clauses.
  2. Guide to securing data "in electronic medium".  For organisations which store data in an electronic format (so, pretty much everyone), these guidelines list certain specific IT security measures that can be implemented to enhance security, split into "good practice" and "enhanced practice".
  3. Guide to managing data breaches.  The PDPC …
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
UK policy and regulatory developments
  • According to SC Magazine, the Bank of England has approved its first commercial provider of CBEST threat intelligence and penetration testing (read more from Datonomy about the financial sector CBEST programme here).  The company now approved to assess financial sector companies’ preparedness for a cyber attack is BAE Systems.
EU policy and regulatory developments
  • Network and Information Security Directive (NISD):  as we reported in last week’s update, the next trilogue meeting on the draft Directive was reportedly taking place on 30 April.  As yet we have been unable to find any progress reports in the public domain, other than a headline on the EU Issues Tracker Service (subscription required) indicating that the Council’s permanent representatives are due to receive a debrief today, 5 May, indicating …