Tag:regulation

1
US Department of Homeland Security unveils five point strategy to combat cyber risk
2
DNA Profiles shared online lead to serial killer’s arrest
3
Over half of notifiable data breaches caused by human error
4
Mark Zuckerberg to testify to US Congress as Facebook indicates Cambridge Analytica accessed data from up to 87 million accounts
5
Australian Government Contractor Data Breach
6
Equifax data breach: 143 million records exposed but senior executives not told immediately?
7
Draft law proposes security assessment of data exported out of China
8
Is Uber’s Greyball pushing the boundaries of what is legally and ethically OK?
9
SAP criticises impending EU data protection laws
10
Data breach penalties could cost U.K. companies £122B in 2018

US Department of Homeland Security unveils five point strategy to combat cyber risk

By Cameron Abbott and Sarah Goegan

This week, the US Department of Homeland Security (DHS) released its Cybersecurity Strategy. The five “pillar” strategy will be executed by the DHS over the next five years, and aims to improve national cybersecurity risk management.

Read More

DNA Profiles shared online lead to serial killer’s arrest

By Warwick Andersen, Rob Pulham and Sarah Goegan

Last week, California police arrested Joseph James DeAngelo, the man suspected of being the “Golden State Killer” or “East Area Rapist”, a serial killer and rapist who terrorised parts of California in the 1970s and 80s.

Of particular interest is how he came to be arrested, with the help of DNA matched on a genealogy website.

Read More

Over half of notifiable data breaches caused by human error

By Warwick Andersen, Rob Pulham and Keely O’Dowd

Following on from Friday’s blog, we have looked at a particular aspect of the Office of the Australian Information Commissioner’s Notifiable Data Breaches Scheme quarterly report in more detail.

Read More

Mark Zuckerberg to testify to US Congress as Facebook indicates Cambridge Analytica accessed data from up to 87 million accounts

By Warwick Andersen, Rob Pulham, Allison Wallace and Sarah Goegan

Facebook indicated in a blog post yesterday that information of up to 87 million people – 37 million more than originally revealed – may have been improperly shared with Cambridge Analytica.

Facebook also reported that this may have included data of more than 300,000 Australians. The company’s chief technology officer, Mike Schroepfer, said the company would make major changes to the way third-parties can access data on the platform. He also said users would be informed if their information could have been improperly shared with Cambridge Analytica.

Read More

Australian Government Contractor Data Breach

By Cameron Abbott, Allison Wallace and Olivia Coburn

The personal details of almost 50,000 Australians have been published online by a third party government contractor, who is yet to be identified. And I guess you would feel a little shy about owning up to this one!

Read More

Equifax data breach: 143 million records exposed but senior executives not told immediately?

By Cameron Abbott and Olivia Coburn

Equifax has joined Yahoo on the podium for the award no one wants: suffering one of the largest data breaches in history.

Equifax, one of the three largest US credit reporting agencies, announced last week that it suffered a cybersecurity incident potentially impacting 143 million US consumers –  a figure comprising of roughly 55 per cent of Americans aged 18 years or older. Some UK and Canadian residents are also affected.

Read More

Draft law proposes security assessment of data exported out of China

By Cameron Abbott and Allison Wallace

The Cyberspace Administration of China has released a draft law that would impose an annual security assessment on firms exporting data out of China.

The proposed legislation would apply to any business which transfers more than 1000 gigabytes of data, or which affects more than 500,000 users, and is the latest of several safeguards announced in recent times against threats such as hacking and terrorism.

Under the draft law, economic, technological or scientific data whose transfer would post a threat to public or security interests would be banned, and there would be extra scrutiny of sensitive geographic data.

Businesses would also have to obtain the consent of users before transmitting it overseas.

The draft law follows another passed in November 2016 which formalised a range of controls over firms that handle data in industries the Chinese government labels critical to national interests.

Is Uber’s Greyball pushing the boundaries of what is legally and ethically OK?

By Cameron Abbott and Allison Wallace

Ridesharing service Uber has been using a self-developed program called Greyball in a bid to avoid regulatory scrutiny and other law enforcement activity.

As reported in The New York Times, the program uses various techniques to survey government officials when rolling out the service in new cities. This came after Uber’s services encountered legal issues (including cars being impounded and drivers fined) as it tried to operate in new locations, including in Melbourne, Australia. Read More

SAP criticises impending EU data protection laws

By Cameron Abbott and Allison Wallace

SAP has expressed concerns over the implications of the landmark EU data privacy regulations, saying the penalties that will be imposed are too high, and could impede the development of Europe’s start-up culture.

The data privacy regulation will be implemented in May 2018, and includes fines for EU companies up to 4 per cent of their global revenues if they commit a significant breach of data privacy.

In an interview with the Financial Times, SAP’s head of products and innovation, Bernd Leukert said he believes the penalties are too high, and put companies at risk of losing their entire revenue if they commit multiple breaches.

Mr Leukert said he also fears that the EU regulations were not properly aligned with laws in other jurisdictions, such as the US.

Data breach penalties could cost U.K. companies £122B in 2018

By Cameron Abbott and Rebecca Murray

U.K. businesses could face up to £122 billion in penalties for data breaches when EU legislation comes into effect in 2018, according the Payment Card Industry Security Standards Council (PCI SSC). The EU’s General Data Protection Regulation (GDPR) will introduce fines for groups of companies of to €20 million or 4% of annual worldwide turnover, significantly higher than the current maximum of £500,000. This means that if data breaches remain at 2015 levels, the fines paid to the European regulator could see a near 90-fold increase, from £1.4 billion in 2015 to £122 billion, the PCI SSC calculated. For large U.K. organisations, this could see regulatory fines for data breaches soar to £70 billion, more than a 130-fold increase, rising to an average of £11 million per organisation. Regulatory fines for SMEs could see a 57-fold increase, rising to £52 billion, averaging £13,000 per SME. Read more at ComputerWeekly.com by clicking here.

 

Copyright © 2024, K&L Gates LLP. All Rights Reserved.