Consumer data / Cybersecurity / Internet of Things / national security / Risk-based approach

Governments push on with Cybersecurity Law and Policy Initiatives – an Overview so far in 2017

Another day, another massive personal data security breach… but how have law-makers and regulators reacted in developing cyber-security policies so far this year? This week it was reported that Equifax – the US credit bureau – suffered a giant cybersecurity breach this summer compromising the personal information (including names, social security numbers, birth dates, addresses, … Continue reading

Brexit / Data protection / Data transfer / Jurisdiction / safe harbour

EU Approves ‘Privacy Shield’ Safe Framework for Trans-Atlantic Personal Data Transfers

Privacy shields doubling as privacy swords? … While “the best defence” may also make a “good offence” (or, “offense”, as our US counterparts would call it), first you need to be confident that your defence strategy works! Last Friday, a statement was made by EU Vice-President Ansip and Justice Commissioner Vera Jourová announcing the adoption … Continue reading

Security

Government concerns over vulnerabilities in data security chains

‘Contractors – You are the Weakest Link!’ This week, a US government contractor released a statement regarding the latest in a line of security breaches involving the theft of personal data of government employees from it this year. The contractor, which is active in carrying out employee background security checks on behalf of the US … Continue reading

Breach notification / Data protection / Privacy / Privacy impact assessment / Security

‘Nothing is agreed until everything is agreed’… but still a new version of Chapter IV of the proposed General Data Protection Regulation has been released!

The Council of the European Union has agreed on a “partial general approach” when reviewing specific aspects of the proposed General Data Protection Regulation (GDPR) in a note issued on the 3rd of October 2014 for publication in the Council Register. In particular, the note contains a revised version of the draft text of Chapter … Continue reading

Data protection / Privacy / Security

UK government issues guidance on how to ‘bring your own device’ safely

The Centre for the Protection of National Infrastructure has produced a collection of guidance notes on best practices for managing the risks inherent to scenarios where employees use their own devices for work purposes. They complement existing guidance by the Information Commissioner’s Office on this topic. The guidance focuses on how to design network architecture … Continue reading