Category Archives: GDPR

The latest round up of legal and regulatory developments and news on cyber security from the Datonomy blogging team at Olswang LLP. With thanks to Datonomy’s correspondents Tom Pritchard in London and Sylvie Rousseau (Paris and Brussels) for their contributions to this week’s update.

EU policy and regulatory developments
  •  General Data Protection Regulation: ITProPortal and the Register are reporting that the trilogue negotiations on 14 July made “good progress” and culminated in agreement on Chapter 5 (territorial scope) and Article 3 (international transfers).  The Council’s Consilium website has posted a document detailing the debrief that the Council received on 15 July; however, this document is not yet publicly accessible, so we cannot report on the substance of the agreed compromise.   The Register’s article states that “there has been a notable push to get the GDPR onto the law books as soon as possible. Negotiators have set themselves an ambitious deadline …
The latest round up of regulatory news from the Datonomy blogging team at Olswang LLP.

Reports and statistics

The Ponemon Institute has published its 10th annual benchmarking study into the Cost of Data Breach for the US. Headline statistics, which drew on a sample of 62 US companies in 16 sectors, include the following:
  • $6.5m is the average total cost of data breach
  • 11% increase in total cost compared to last year
  • $217 is the average cost per lost or stolen record (up 8%)
  • Malicious or criminal attacks continue to be the primary cause of breach, and these were also the most costly breaches.
Olswang will provide further coverage of the latest Ponemon findings in its Q2 Cyber Quarterly.

UK policy and regulatory developments
  • CERT-UK: CERT’s latest weekly update is available here and highlights the risk from phishing attacks launched by means other than email (e.g. text and instant messaging apps) along with …
Olswang has just published the latest edition of the Cyber Alert, a regular round up of regulation, best practice and news from our international cyber breach and crisis management team.  There is a great deal to report since our last update in October 2014.  In February, the Olswang team visited our friends in the US, co-hosting a cyber workshop in Silicon Valley and presenting to the Los Angeles chapter of the IAPP on the latest status of the General Data Protection Regulation.  You can read our December 2014 status update on the draft Regulation, which includes an analysis of data breach notification here. In this edition:
Draft Network and Information Security Directive: entering final negotiation phase?

When we published our last Cyber Alert in late October 2014, the first trilogue negotiation between the three EU institutions had just taken place; a second took place in November and the third and final meeting was scheduled for 9 December. The outgoing Italian Council Presidency published a statement that it was “confident the EP and the Council…will reach a deal before the end of the year”. However, progress updates then went quiet. It was not until 11 March that the (now Latvian) Council Presidency announced that the Council’s negotiating mandate had been agreed at the Permanent Representatives Committee. This means that negotiations with the Commission and Parliament can resume, and this third trilogue is scheduled for late April. It appears that one of the main sticking points within the Council has been the scope of the “market operators” who will be …
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.

UK policy and regulatory developments
  • Given that passwords are often a weak point in user security, CERT UK have focused on Windows 10 and Yahoo’s new approach to the topic.  Windows 10 is developing a series of biometric tools (such as fingerprint, facial and iris recognition), whereas Yahoo is developing a system to provide one-time passwords every time a user tries to log in.  See CERT UK’s weekly update for 19 March 2015 here.
  • CERT’s latest weekly update also contains a plug for its recently published 12-page guidance “Cyber Security risks in the supply chain”.  This illustrates recent examples of supply chain compromise, including those arising from third party software providers, website builders, third party data stores and watering hole attacks.
  • The Department for Business, Innovation & Skills has updated …
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.

UK policy and regulatory developments
  • The Department for Business, Innovation and Skills (DBIS) has published cybersecurity guidance for small businesses.  The guide details how stronger passwords, up-to-date software and staff training can go a long way in protecting company assets and goodwill.  The guide also emphasises that in 2014, 60% of small businesses experienced a cyber breach and that the average cost of the worst breach was between £65,000 and £115,000.
  • On 9 March the Government announced various new initiatives to boost entry into the cyber security profession. The Government press release estimates the UK cyber security industry to be worth £6 billion, employing 40,000 people – with significant growth predicted in the coming years.
  • With the Apple Watch and other wearable tech much in the news this week, CERT …