SURVEY TO BENCHMARK CYBERSECURITY COMPLIANCE

Cybersecurity compliance is becoming increasingly complicated with multiple regulators across the globe weighing in on your legal requirements to manage cyber risk. If you have wondered how others are approaching their compliance strategy, you are not alone.

You are invited to participate in a brief survey regarding your business’s approach to cybersecurity legal requirements. Specifically, the purpose of this survey is to learn how businesses like yours are responding to cybersecurity legal requirements under the European Union’s General Data Protection Regulation (GDPR) and Network and Information Security Directive (NIS Directive). In particular, we are interested in whether, and if so how, businesses in the U.S., the EU and elsewhere are applying the U.S. National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity to comply with these EU cybersecurity requirements. Understanding which standards businesses are applying in order to comply with these requirements could be helpful in encouraging consistency of cybersecurity frameworks in the U.S., the EU and other regions.

Please use the link provided below to access the survey, which will take only a few minutes to complete. We plan to publish the results in approximately six weeks. Please note that no individuals or specific businesses will be identified in any published results without their express consent.

CLICK HERE to begin the survey.

Thank you for your participation.


NAIC creates new Innovation and Technology (EX) Task Force

The National Association of Insurance Commissioners (NAIC) has created a new task force to monitor technology, data collection and cybersecurity developments in the insurance industry. The Innovation and Technology (EX) Task Force (IT Task Force) was formed on March 9, 2017 and reports directly to the NAIC’s Executive Committee. The IT Task Force will appoint and oversee the work of the following NAIC groups: the Big Data Working Group, the Cybersecurity Working Group and the Speed-to-Market Working Group. According to the NAIC’s March 9, 2017 press release, the IT Task Force’s purpose is to help insurance regulators stay informed about technology-related developments, products and services in the insurance industry, including start-up companies, and to ensure they meet consumer expectations and ensure consumer protections. The press release notes that annual investment in insurance technology (InsurTech) has increased to more than $2.5 billion and continues to grow.


Google’s Overseas Warrants: A Game of Tug-of-War Over Access to Data

On February 3, 2017, Eastern District of Pennsylvania Magistrate Judge Thomas J. Rueter ordered Google to comply with FBI search warrants to produce emails stored on foreign servers as part of a domestic criminal investigation. In re Search Warrant No. 16-960-M-01 to Google (E.D. Pa. Feb. 3, 2017). This ruling comes on the heels of the Second Circuit’s decision in Microsoft Corp. v. United States, 829 F.3d 197 (2d Cir. 2016) (rehearing denied on January 24, 2017), which reached the opposite conclusion and held that Microsoft could not be forced to turn over user data stored on a server located in Ireland. (For more background, see Second Circuit Microsoft Ruling: A Plea for Congressional Action (August 8, 2016).)


Australia’s Long Anticipated Breach Notification Law Passes

*The authors are not licensed to practice law in Australia, and this information is intended for educational purposes only.

Australia has passed data breach notification legislation requiring certain companies with annual revenue over AU $3 million ($2.3 million) to notify the Australian Information Commissioner and affected individuals in the event of a qualifying data breach.

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 (“the Bill”), which the Australian Senate passed on February 13th, amends the Privacy Act of 1988 (Privacy Act) to require that qualifying companies provide notification if there is “unauthorized access to, unauthorized disclosure of, or loss of, personal information by an entity,” and “the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.” According to the Office of the Australian Information Commissioner, examples of personal information include names, signatures, addresses, telephone numbers, dates of birth, medical records and “commentary or opinion” about individuals.


ICO Publishes Draft Guidance on Consent Under the GDPR and Submits It for Public Consultation

On 2 March 2017, the UK Information Commissioner’s Office (“ICO”) published detailed draft guidance on consent under the GDPR and has submitted it for public consultation. This is the ICO’s first piece of specific GDPR guidance published further to its overview of the GDPR published last January.

The guidance sets out the ICO’s interpretation of the new requirements to obtain valid consent under the GDPR including its view of the role of consent in the GDPR, the benefits of getting consent right and the penalties for getting it wrong. The guidance also explains: (i) when consent is required or appropriate (or not) and the alternative to consent; (ii) what constitutes valid consent under the GDPR with specific guidance on children’s consent and consent for research purposes; (iii) advice on how to obtain, record and manage consent; and (iv) a consent checklist.


The Continuing Impact of the Judgment of the Court of Justice of the European Union Declaring Invalid the European Commission’s Decision on U.S.-EU Safe Harbor

The decision by the Court of Justice of the European Union (the CJEU) on Oct. 6, 2015, invalidating the U.S.-EU Safe Harbor Decision (the Judgment) is a landmark judgment. Case C-362/14 Maximillian Schrems v Data Protection Commissioner [2015] ECLI:EU:C:2015:650. By voiding the legal basis for transatlantic data transfers for the 4,400 companies reliant on U.S.-EU Safe Harbor, the Judgment began what has been a seismic year for data protection and cross-border data transfers in the European Union, whose aftershocks will reverberate throughout 2017 and beyond.


NYDFS issues final cybersecurity regulations, setting new industry standard for cybersecurity controls

On February 16, 2017, the New York State Department of Financial Services (the “NYDFS”) issued its final regulations setting forth minimum requirements for NYDFS-regulated entities to address cybersecurity risk (“Final Regulations”). The NYDFS issued the Final Regulations after considering feedback and criticism received during two comment periods: one following the NYDFS’s initial publication of the proposed regulation (on September 13, 2016) and a second after the NYDFS published a revised version of the regulation (on December 28, 2016).

The Final Regulations will be effective as of March 1, 2017, with a transitional period of 180 days from that date for Covered Entities to comply with the Final Regulations, except for certain enumerated provisions for which longer compliance periods are specified. The annual certification of compliance (covering the prior calendar year) will be required beginning on February 15, 2018.
