Government Regulation, Legislation & Enforcement – Page 15

Elon Musk Acquires X.com

Jul 25 2017

By Cameron Abbott and Olivia Coburn

Elon Musk has repurchased X.com, a website he created 18 years ago in 1999, although his intentions for the purpose of the domain remain unclear.

X.com was one of the world’s first online banks, insured by FDIC and partnered with Barclays. X.com was initially intended to be full service online financial institution, but could not overcome regulatory challenges. At that time, financial regulatory systems were not equipped to deal with the products that X.com was offering, which included online savings accounts, brokerage services and insurance products.

Time is Running Out – Compliance with new EU Data Protection Rules (GDPR)

Jun 22 2017

By Cameron Abbott and Edwin Tan

Companies are failing to prepare adequately for the new EU General Data Protection Regulation (GDPR) coming into effect on 25 May 2018, less than a year from today.

A partner at Crowe Horwarth was quoted in the Financial Times as saying that a recent survey found that over 60% of financial services companies were only just starting to get ready for GDPR, or were still trying to understand the gaps they needed to address. This is a particular concern as long timeframes may be needed to remedy any identified gaps, particularly where legacy IT systems are used. In addition, other companies are viewing the GDPR as a “nuisance”, treating it as a check-box ticking exercise rather than a serious compliance issue.

The GDPR will require companies to adopt much stricter procedures and processes when handling customer data. The maximum fine for non-compliance is 4 percent of the previous year’s annual global turnover, or €20 million, whichever is the greater. In addition, company executives can also face criminal penalties if deemed responsible for data breaches.

Companies must start work immediately on implementing changes required by the GDPR in order to avoid exposure to significant liability. Read more about the GDPR here.

Together we are stronger – Australia and Singapore partner up on cybersecurity

Jun 06 2017

By Cameron Abbott and Allison Wallace

A freshly inked Memorandum of Understanding between Australia and Singapore will see the two countries strengthen their cybersecurity through a joint effort to build a secure and resilient cyber space.

The two-year partnership which was signed last week, will see Singapore’s Cyber Security Agency work with the Australian government to conduct regular information exchanges on cyber threats, share best practices to promote innovation in cyber security, and build cyber security capabilities. Read More

Australia and China to Cooperate Against Cybercrime

May 24 2017

By Cameron Abbott and Edwin Tan

On 21 April 2017, Australian and Chinese Government representatives attended the inaugural Australian-China High-Level Security Dialogue. The Dialogue was launched to promote discussion between the two countries in the areas of counter-terrorism, cybercrime and other important security issues.

According to a joint statement by both parties, Australia and China reaffirmed their commitment to cooperate on cybersecurity issues. The key commitments include:

supporting the work of the UN Group of Governmental Experts and to act in accordance with its reports;
establishing an information-sharing mechanism to assist in combating cybercrime and preventing cyber incidents that could cause problems between the countries;
working together against internet distribution of child sex abuse material, e-mail scams and other transnational cybercrime activities;
discussing options for joint operations against cybercrime; and
exchanging cybersecurity delegations and regulatory documents to enhance understanding, cooperation and mutual trust.

The second High-Level Security Dialogue session will be held in China in the first half of 2018. One imagines that this is a tricky dialogue to foster, but clearly Australia takes the view of better off having China “in the tent than out”. Read the joint statement here.

New Mexico’s New Data Breach Notification Laws

May 05 2017

By Cameron Abbott and Edwin Tan

New Mexico has followed other U.S. states in enacting data breach notification laws coming into effect on 16 June 2017. The statute will only apply to computerised data, which is narrower in scope compared to Australian laws that also apply to physical records.

The key provisions from the new data breach laws include:

Companies must notify New Mexico residents, the Attorney General and Consumer Reporting Agencies as appropriate within 45 days of discovery of data breaches that pose “a significant risk of identity theft or fraud”;
Companies that disclose Personal Identifying Information to third party vendors must contractually require the vendors to implement and maintain reasonable security procedures; and
Civil penalties of $10 per instance of failed notification up to a maximum of $150,000.

There are concerns that this adds another layer of complexity for companies trying to remain compliant, as they will now have to comply with data breach notification laws of 48 states and 3 territories. We think that there may be a big push for a unified federal law on this issue in the near future.

The police are reading … a lot … more than half a million times last year

May 02 2017

By Cameron Abbott and Edwin Tan

News Corp reported today that law enforcement agencies accessed the private data of Australian individuals about 541,300 times during the past 12 months. This is an estimated increase of about 60 percent compared to the previous year.

This is in addition to the Australian Federal Police (AFP) confirming on Friday that an officer had accessed phone records without a warrant earlier in the year. No action was taken against the officer.

The 2015 amendments to the Telecommunications (Interception and Access) Act 1979 (Cth) made it mandatory for telecommunications companies and internet service providers to retain metadata. This metadata can be accessed without a warrant by 21 government agencies, including the AFP.

However, journalists’ telecommunications data cannot be accessed by agencies without first obtaining a “Journalist Information Warrant”. An agency must apply to a Federal Court judge or a nominated Administrative Appeals Tribunal member to be granted the warrant.

The breach has sparked calls for an independent and public inquiry into the AFP, with Senator Nick Xenophon calling the incident “a complete failure with no real explanation”. Not the last we will hear about this issue we think. Read more about this here.

Draft law proposes security assessment of data exported out of China

Apr 17 2017

By Cameron Abbott and Allison Wallace

The Cyberspace Administration of China has released a draft law that would impose an annual security assessment on firms exporting data out of China.

The proposed legislation would apply to any business which transfers more than 1000 gigabytes of data, or which affects more than 500,000 users, and is the latest of several safeguards announced in recent times against threats such as hacking and terrorism.

Under the draft law, economic, technological or scientific data whose transfer would post a threat to public or security interests would be banned, and there would be extra scrutiny of sensitive geographic data.

Businesses would also have to obtain the consent of users before transmitting it overseas.

The draft law follows another passed in November 2016 which formalised a range of controls over firms that handle data in industries the Chinese government labels critical to national interests.

Is Uber’s Greyball pushing the boundaries of what is legally and ethically OK?

Mar 13 2017

By Cameron Abbott and Allison Wallace

Ridesharing service Uber has been using a self-developed program called Greyball in a bid to avoid regulatory scrutiny and other law enforcement activity.

As reported in The New York Times, the program uses various techniques to survey government officials when rolling out the service in new cities. This came after Uber’s services encountered legal issues (including cars being impounded and drivers fined) as it tried to operate in new locations, including in Melbourne, Australia. Read More

Australia’s new data breach notification laws: what they mean for you

Feb 15 2017

By Cameron Abbott, Rob Pulham and Allison Wallace

Further to our blog post yesterday, we’ve prepared a summary into the implications of the Privacy Amendment (Notifiable Data Breaches) Bill 2017 that has now been passed by both houses of Parliament. Read our article here.

Update: Mandatory Data Breach Notification Laws closer to being introduced

Feb 07 2017

By Cameron Abbott and Allison Wallace

As foreshadowed by the Attorney General’s Department last year, the Australian government is pushing ahead with its plan to introduce mandatory data breach notification laws, with Parliament today agreeing to a third reading of the Privacy Amendment (Notifiable Data Breaches) Bill 2016. You can find more about the proposed legislation here. We’ll keep you updated as the bill makes its way through parliament.

Catagory:Government Regulation, Legislation & Enforcement