The latest round up of legal, regulatory and other news from the Datonomy blogging team at Olswang LLP. With thanks to: Christian Leuthner in Munich, Aisling O’Dwyer and Matt Hunter in Singapore, and Callum Monro-Morrison in London for their contributions to this week’s alert.
EU POLICY AND REGULATION
  • Datonomy’s correspondent in Munich, Christian Leuthner, has tweeted that Germany’s IT Security Act came into force on 25 July. See his more detailed coverage of the new Act here.
  • Network and Information Security Directive: A glimmer of progress on the EU’s draft NISD in the past week, with the mention on the Council’s Consilium website of a Council document “Drafting suggestions on operators providing essential services”. As Datonomy readers will be aware, one of the sticking points on the Directive has been the extent to which online services should be caught by the new rules. At the end of …
The latest round up of legal and regulatory developments and news on cyber security from the Datonomy blogging team at Olswang LLP. With thanks to Datonomy’s correspondents Tom Pritchard in London and Sylvie Rousseau (Paris and Brussels) for their contributions to this week’s update.
EU policy and regulatory developments
  • General Data Protection Regulation: ITProPortal and the Register are reporting that the trilogue negotiations on 14 July made “good progress” and culminated in agreement on Chapter 5 (territorial scope) and Article 3 (international transfers). The Council’s Consilium website has posted a document detailing the debrief that the Council received on 15 July; however, this document is not yet publicly accessible, so we cannot report on the substance of the agreed compromise. The Register’s article states that “there has been a notable push to get the GDPR onto the law books as soon as possible. Negotiators have set themselves an ambitious deadline …
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
EU policy and regulatory developments
  • General Data Protection Regulation (GDPR): The second trilogue negotiation is, according to this previously released (unofficial) timetable for completion, scheduled for today, 14 July. The second meeting will focus on the issues of territorial scope (Article 3) and international transfers (Chapter V). This 682 page document dated 8 July, but not yet uploaded to the Council’s website, has been leaked by Statewatch. It is a line-by-line table comparing the Commission, EP and Council’s respective negotiating positions on the whole Regulation. Regarding the issues of data security, data breach notifications and processor obligations contained in Chapter IV of the draft, according to the above unofficial timetable, these are due to be negotiated in September. Although there are some differences of detail between the institutions’ …
The second trilogue negotiation is, according to this previously released (unofficial) timetable for completion, scheduled for today, 14 July. This second meeting will focus on the issues of territorial scope (Article 3) and international transfers (Chapter V). For Datonomy readers with the stamina to read it, this 682 page document dated 8 July, but not yet uploaded to the Council’s website, has been leaked by Statewatch. It is a line-by-line table comparing the Commission, EP and Council’s respective negotiating positions on the whole Regulation. The issues of data security, data breach notification and processor obligations contained in Chapter IV of the draft, according to the above unofficial timetable, are not due to be negotiated until September. Although there are some differences of detail between the institutions’ positions, this is one of the less contentious aspects of the Regulation, and the leaked document does not contain any surprises as regards …
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
UK policy and regulatory developments
  • Latest UK stats on breach notification: The Information Commissioner’s Office published its annual report for 2014/2015 on 1 July 2015. It includes statistics on data breach and data loss incidents reported voluntarily to the ICO (1,677 self-reported incidents, resulting in 1,707 investigations, £692,500 of fines, 3 enforcement notices and 26 undertakings). There were 285 data breach reports by communications service providers under the compulsory PECR regime, and one CSP was fined for late notification. It also includes statistics and trends on sources of complaints to the ICO – with security related complaints rising from 6 to 8% of all complaints reported to the ICO compared to the previous year - and on the type of enforcement action taken by the ICO in response. Read the …
Welcome to the latest edition of Olswang's Cyber Alert (PDF available here), a regular round up of regulation, best practice and news from our international cyber breach and crisis management team. Q2 has seen the publication of several major reports into the current threat landscape.  In this edition we review:
  • the Ponemon Institute’s tenth annual study into the cost of data breaches which gives insight into the measures that can reduce the cost of breaches – and those responses which can actually be counter-productive in terms of cost;
  • PwC’s 2015 breaches survey which reveals that one third of businesses are still failing to assess cyber risk; and
  • the first annual report of the UK Computer Emergency Response Team with its analysis of the key threats of the past year and its predictions for the year ahead.
In our regulatory radar section, we track the progress of various legislative initiatives including:
The Computer Emergency Response Team (CERT-UK) was launched in March 2014 to collaborate with industry, government and academia as part of the government’s holistic plan to enhance cyber resilience. After just one year in operation, the organisation has become a central hub for the sharing of threat information (enabled by the Cyber Security Information Sharing Partnership (CiSP)) and their first annual report, published in May (covering April 2014 – March 2015), highlights the panoply of cyber intelligence that is now gathered and distributed in order to protect the UK economy and grow the cybersecurity industry. CERT’s weekly alerts, regularly detailed as part of Datonomy’s weekly cyber updates, have become an excellent source of bite-size information about the most recent and dangerous cyber threats and the availability of the industry’s most up to date software patches. However, the annual report affords the opportunity for the organisation to really …