Tag Archives: NISD

The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
EU policy and regulatory developments
  • General Data Protection Regulation (GDPR): The second trilogue negotiation is, according to this previously released (unofficial) timetable for completion, scheduled for today, 14 July.  The second meeting will focus on the issues of territorial scope (Article 3) and international transfers (Chapter V).  This 682 page document dated 8 July, but not yet uploaded to the Council’s website, has been leaked by Statewatch.  It is a line-by-line table comparing the Commission, EP and Council’s respective negotiating positions on the whole Regulation.  Regarding the issues of data security, data breach notifications and processor obligations contained in Chapter IV of the draft, according to the above unofficial timetable, these are due to be negotiated in September.  Although there are some differences of detail between the institutions’ …
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
UK policy and regulatory developments
  • Latest UK stats on breach notification: The Information Commissioner’s Office published its annual report for 2014/2015 on 1 July 2015.  It includes statistics on data breach and data loss incidents reported voluntarily to the ICO (1,677 self-reported incidents, resulting in 1,707 investigations, £692,500 of fines, 3 enforcement notices and 26 undertakings).  There were 285 data breach reports by communications service providers under the compulsory PECR regime, and one CSP was fined for late notification.  It also includes statistics and trends on sources of complaints to the ICO – with security-related complaints rising from 6 to 8% of all complaints reported to the ICO compared to the previous year – and on the type of enforcement action taken by the ICO in response.  Read the …
A fourth trilogue meeting to agree the Network and Information Security Directive (NISD) took place yesterday, 29 June.  The Council’s Latvian Presidency, whose term ends today, published this release heralding the “breakthrough” in talks with the European Parliament to finalise the law. However, this is an “understanding on the main principles” of the Directive, rather than an agreement on the final text. The most controversial aspect of the proposal – namely the extent to which online platforms should be subject to the new requirements on breach reporting – does not appear to have been fully resolved. The press release states that: “It was agreed that digital service platforms would be treated in a different manner from essential services.  The details will be discussed at a technical level.”  It is unclear at this stage just how differently, and what this might mean in practice.   The UK is one of the Member States …
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
EU policy and regulatory developments
  • Network Information Security Directive (NISD): The indications are that further trilogue negotiations to agree the Directive are due to take place today, 29 June. “Rapid” adoption of the NISD, and adoption of the GDPR by the end of the year, were among the conclusions adopted by Member States at the EU Council meeting on 25 and 26 June. A debrief from the trilogue is on the agenda for a meeting of the Council’s permanent representatives in Brussels tomorrow. The Council’s telecoms working party is due to meet on 2 July and according to this agenda there will be a debrief on the latest trilogue negotiations. Over the past week, further preparatory documents related to the trilogue - dated 23 and 26 June …
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
EU policy and regulatory developments
  • General Data Protection Regulation (GDPR): As Datonomy readers will by now be well aware, on 15 June the GDPR reached another key milestone with the EU Council (i.e. Member States) adopting their “general approach” to negotiating the whole proposal with the Parliament and the Commission. This means that all three EU institutions have declared their negotiating stance on the wide ranging proposal and that three way negotiations can now begin.  The first such trilogue is scheduled for 24 June, with a six month provisional timetable recently outlined by a group of MEPs here, aimed at adoption of the proposal by the end of 2015.  Given the complexity of the proposal and the fact that it has already taken three and a half years to …
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
UK policy and regulatory developments
  • On 11 June the much-anticipated Report of the Investigatory Powers Review (or Anderson Report) was published, making recommendations for overhaul of the UK’s regimes for communications data retention and communications interception. It will inform the government’s promised Investigatory Powers Bill which is due to be published in the autumn for pre-legislative scrutiny. The news has been widely covered by the BBC, the Guardian and there is tech industry reaction on the website of Tech UK.
EU policy and regulatory developments
  • Network Information Security Directive (NISD): Inter-institutional agreement on the draft Directive before the end of June – when the rotating Council Presidency will change hands from Latvia to Luxembourg – is looking less likely. The Telecoms Council met on 12 June to discuss …
The latest round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP.
UK policy and regulatory developments
  • PwC has released its 2015 Information security breaches survey, conducted on behalf of the Department for Business, Innovation and Skills.  Some of the key findings from the report include:
    • There has been an increase in the number of large and small organisations suffering security breaches (90% of large organisations reported that they suffered a security breach – up from 81% in 2014);
    • For large organisations, the median number of security breaches for a year was 14;
    • The average cost of the worst single breach suffered by large organisations has more than doubled (from £600k to £1.46m);
    • Despite this increased severity, employee vigilance appears not to be improving, as 50% of the worst breaches suffered were attributed to inadvertent human error (up from 31% in 2014).
  • On the back …