BreachExchange mailing list archives
Global cybersecurity still fractured but getting tougher
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 30 Sep 2013 22:36:30 -0600
http://www.insidecounsel.com/2013/09/26/global-cybersecurity-still-fractured-but-getting-t

Cybersecurity may be a top concern for legal counsel, but the shifting waters of global cybersecurity law are becoming increasingly difficult to navigate. With recent changes in cybersecurity law across the globe, the cybersecurity legal realm is no longer as uniform as it once was, while rules are becoming tougher across the board.

Take, for instance, the differences between Europe, Asia and the U.S. As trial attorneys Thomas Mahlum and Melissa Goodman of Robins, Kaplan, Miller & Ciresi L.L.P. wrote on InsideCounsel in August, the European Union (EU) has one completely codified set of rules for what counts as personally identifiable information (PII), with the EU Data Protection Directive and the Organization for Economic Cooperation and Development Guidelines. The Asian-Pacific Economic Cooperation, however, takes a less strict view of PII in the APEC Framework. The U.S., meanwhile, has a number of guidelines to abide by, including the Video Privacy Protection Act, the Cable Television Protection and Competition Act, the Children's Online Privacy Protection Act, and the Stored Communications Act.

“Businesses need to also adhere to the clearer guidelines on corporate data preservation duties developed as part of e-discovery’s emerging jurisprudence,” Mahlum and Goodman wrote. “Balancing these data-driven issues requires an understanding of the ever-evolving landscape of each competing concern.”

Now, even those laws may be changing. According to an article in the Wall Street Journal, both the EU and Japan are set to institute new privacy laws that tighten existing data breach legislation, much like the U.S. has done in recent years.

In Japan, the government is targeting specifically financial firms, raising the penalty for not disclosing when an individual user’s data has been breached from 500 yen to 10,000 yen ($75) per user. Olivier Piou, chief executive of data-security firm Gemalto, told the WSJ that 500 yen was simply “not enough of a deterrent.”

The EU, meanwhile, looks to institute widespread data breach notification rules. The discussion is in the early stages, and the proposed legislation is controversial due to its stringent nature — companies would be required to disclose any data breach within 24 hours. However, the fact that the EU is even having this discussion is noteworthy.

The way the litigation is going, in-house counsel should beware that the rules are only going to become stricter within the next couple of years. As Piou said, “In the next few years it will be an obligation, whether by law or reputation. Banks still hesitate to communicate a lot on their penetration and their events. Why? I think we are past the question of ‘should we do something,’ it’s ‘let’s do something.’”