Cybersecurity

On January 7, 2020, the U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) announced its 2020 Examination Priorities, which included cybersecurity practices. Soon after the publication of the OCIE Examination Priorities, on January 27, 2020, OCIE followed up with a report entitled Cybersecurity and Resiliency Observations. These two OCIE releases, along with prior SEC alerts and actions, provide strong indications that the SEC, in 2020, will be ramping up its focus…

As part of the Cyberspace Administration of China (CAC)’s recent push to accelerate formulation of the implementation rules of the China Cybersecurity Law (CSL), it published the draft Measures for Security Assessment of Export of Personal Information (for public consultations) on 13 June 2019 (“Draft Security Assessment Measures”). As the CAC appears to propose adopting two separate sets of rules and requirements on the security assessment of outbound provision of personal information and important data,…

Effective January 1, 2020, according to a new Cal. Civ. Code § 1798.91.04(a), manufacturers of connected devices offered for sale or sold in California must equip such devices with reasonable security features to protect the device and any information contained in them from unauthorized access, destruction, use, modification, or disclosure. Unlike the GDPR and other data privacy laws, which impose obligations on data controllers and processors, the Californian law applies to organizations irrespective of whether…

Taiwan’s Legislative Yuan recently passed the Cybersecurity Management Act (the Act, 資通安全管理法) in May 2018. The Act now awaits its implementation schedule (including effective date), which will be decided by the competent authority for the Act (Administrative Yuan) in the near future. In addition to government agencies, the Act also requires Providers of Critical Infrastructure (關鍵基礎設施提供者) to establish and maintain a safe, stable and secure cyber environment. Who is a Provider of Critical Infrastructure? The Act applies to providers…

Japanese cryptocurrency exchange CoinCheck confirmed on 26 January 2018 that it has been the victim of a massive hack, resulting in what would appear to be the largest cryptocoin theft of all time. In a press conference CoinCheck admitted that the current understanding was that the hackers had stolen around 523 million of the exchange’s NEM coins which, at the time of detection, were worth around $534 million. This would surpass the $400 million worth of…

On 10 January 2018, the UK ICO issued a fine to Carphone Warehouse amounting to £400,000, close to the maximum (of £500,000) under its current powers within the current (pre-GDPR) law. Carphone Warehouse’s computer systems, which contained significant amounts of personal data including customer and employee records as well as historic transaction details, had been the subject of an external cyber-attack. The ICO focussed on what it saw as a series of basic errors which a…

The China Food and Drug Administration (“CFDA”) has issued guidelines aimed at implementing China’s new Cybersecurity Law (“CSL”) in the administration of medical devices in China. This development is a clear signal that Chinese regulators intend to enhance cybersecurity protection in the healthcare sector. From 1 January 2018, medical device companies will be required to register their networked medical devices with the CFDA and be assessed for their cybersecurity protection status under the Principles on Guiding…

In a surprising turn of events, the New York State Department of Financial Services (“DFS”) announced on December 28 significant changes to its cybersecurity regulation in response to industry concerns that the agency’s original proposal was too prescriptive, and did not allow enough time for compliance. In September of 2016, DFS had proposed stringent cybersecurity requirements aimed at protecting “Nonpublic Information” within the custody or control of banks, insurers, and other financial institutions (“Covered Entities”) from…

For the third year running we have undertaken our Cloud Survey, in which we reach out to individuals within our firm clients and partner organisations in the cloud services space. We use the survey to uncover trends in this important marketplace, and to understand buyers’ and providers’ key objectives, hesitations and criteria for procurement and contracting. While this year a greater majority (66%) of survey respondents were in a legal role, procurement, marketing, IT, InfoSec and…

The New York State Department of Financial Services (“DFS”) proposed a first-of-its-kind cybersecurity regulation aimed at protecting consumers and financial institutions from cyber-attacks (“Regulation”). The new Regulation, announced by Governor Andrew Cuomo, covers all banks, insurers, and other financial services institutions under DFS’s jurisdiction. It creates new requirements for banks and insurers (“Covered Entities”) to establish and maintain robust controls to protect IT systems against unauthorized access and other malicious acts. Among the list of…