All posts by Katharine Alexander

The latest round up of legal and regulatory developments and news relating to cybersecurity, brought to you by the Datonomy blogging team at Olswang LLP.  UK developments
  •  UK initiatives to develop the cyber insurance market, announced by the Government in November, have been the subject of a recent panel session hosted by industry group techUK. The website post considers: market drivers, the current state of the market, and potential solutions. The discussion featured contributions from Kroll, Hiscox, Dell and DBIS. Working groups in the Government’s initiative are due to report conclusions to the Cabinet Office by April 2015.
  • CESG (which is the information security arm of GCHQ) has published the latest document in its ongoing series, “Keeping the UK safe in cyber space”.  This new guidance is on “Technology and information risk management”.  The guide is aimed at public sector organisations and their supply chains, and outlines the factors … Continue Reading ››
A weekly round-up of legal and regulatory developments and news in the field of cybersecurity, brought to you by the Datonomy blogging team at Olswang LLP. UK developments
  • Further to our coverage last week of the UK/ US collaboration on cybersecurity, the issue continues to receive much coverage both in the mainstream media and trade press. The tech press gave positive coverage of David Cameron’s recent trip to the US after he took a delegation of UK cybersecurity companies to the US to meet with the Obama administration about responses to cyber threats.  Mr Cameron has appointed Andy Williams of Tech UK’s Cyber Connect project as the UK cyber envoy to be based in the British Embassy in Washington, DC.
  • The first initiative in this UK/US collaboration will be the planned “war games” to test each other’s preparedness for a cyber attack.  The drill will simulate attacks on the City of London … Continue Reading ››
With cyber attacks now routinely in the headlines, with the global cost of cybercrime estimated at $400 billion for this year and with governments responding with a host of counter-measures, The Datonomy team  is launching a weekly round-up to help you stay up to date the latest legal, regulatory and news developments from around the world. Given the inextricable link between data privacy and cybersecurity, we hope that Datonomy’s growing readership  will find this update useful. We look forward to hearing your comments, and welcome news and updates from Datonomy readers  around the globe. UK developments
  • Cyber security was again front page news last week with the announcement by the UK and US that they will stage cyber attack war games, initially in the financial services sector, and improve the exchange of cyber intelligence between the two powers – read the BBC’s coverage here. In related news, twelve UK cyber … Continue Reading ››
UK: Cyber security certification scheme launched Following the consultations on the requirements for a preferred standard for cyber security, which concluded in November 2013 (background information here), the Government has launched a new cyber security certification scheme. The scheme focuses on five main controls for basic cyber hygiene:
  • boundary firewalls and internet gateways;
  • secure configuration;
  • access control;
  • malware protection; and
  • patch management.
Businesses can apply for a “Cyber Essentials” certificate (based on independently verified self-assessment) or a “Cyber Essential Plus” certificate (offering a higher level of assurance through external testing). The scheme is designed to be affordable and offers a snapshot of the organisation’s cyber security effectiveness on the day of assessment. Guidance on meeting the Cyber Essentials requirements can be downloaded from the government-approved cyberstreetwise website here, and a summary of the scheme can be found here. Vodafone has become the first telecoms company to gain the UK ‘cyber essentials plus’ … Continue Reading ››
The ICO recently announced “subtle but significant” changes in its approach to data protection complaints about businesses made by the public. Consumer facing brands will want to stay on the right side of the law anyway – what will the changes mean in practice, and when does a business run the risk of enforcement action?  The ICO has launched a Consultation entitled ‘our new approach to data protection concerns’, running from 18 December 2013 to 31 January 2014, seeking to collect the views of ICO regulated organisations. The proposed changes are planned to take effect from 1 April 2014.  Why is the ICO’s approach changing? The ICO received 40,000 written enquiries or complaints, and 214,000 phone calls in 2012/13 from members of the public. In only 35% of these instances, had data protection legislation actually been breached. The ICO is therefore encouraging individuals to address their concerns to the organisation complained … Continue Reading ››
With privacy and security concerns about apps regularly in the headlines, developers and brands commissioning mobile apps should factor in the important new guidance issued recently by the ICO. The guidance and practical illustrations are also relevant to other online platforms e.g. smart TVs and games consoles. The Information Commissioner’s Office (ICO) has recently released guidelines for app developers to help them ensure apps comply with data protection laws. The guidance was released in the run-up to Christmas – when app sales soar (the ICO cites the statistic of 328 million apps downloaded in the UK on Christmas Day 2012). The guidance is timely, with privacy a worldwide concern: in the US, the  SpongeBob Squarepants app and Jay-Z’s Magna Carta app are two recent examples which have attracted adverse attention over alleged  lack of  privacy compliance, while in the UK security vulnerabilities in the SnapChat app … Continue Reading ››
With recent reports of ever more daring cyber-attacks on the banking system, and claims that cyber criminals are exploiting weaknesses in the supply chain to hack major corporations, Datonomy looks at the current EU proposals on reporting security incidents which are aimed at tackling the problem – and the concerns and flaws identified by industry and by legislators. What’s new? Some recent developments on the NISD Datonomy readers will be familiar with the proposal for a new EU Directive on Network and Information Security (NISD) unveiled by the Commission in February, and set for its first reading in the European Parliament in early 2014. The aim of the new measures is to boost security by imposing new standards, and auditing and reporting requirements on market operators – including key infrastructure providers (e.g. energy companies) and, more controversially, ecommerce platforms and social networks. Our earlier summary of those proposals can be found Continue Reading ››