Tag:Government

1
Draft law proposes security assessment of data exported out of China
2
Update: Mandatory Data Breach Notification Laws closer to being introduced
3
Hackers to take the blame for Census?
4
The biggest cyber security threats experienced by Australian organisations
5
A New Cyber Regulator on the Beat: The CFPB Issues its First Cybersecurity Order and Fine
6
Breaches Update – June 2015
7
Government Regulation, Legislation and Enforcement Updates
8
European Union Cybersecurity Dashboard Report
9
Reports and Surveys Updates
10
Government Regulation, Legislation and Enforcement Updates

Draft law proposes security assessment of data exported out of China

By Cameron Abbott and Allison Wallace

The Cyberspace Administration of China has released a draft law that would impose an annual security assessment on firms exporting data out of China.

The proposed legislation would apply to any business which transfers more than 1000 gigabytes of data, or which affects more than 500,000 users, and is the latest of several safeguards announced in recent times against threats such as hacking and terrorism.

Under the draft law, economic, technological or scientific data whose transfer would post a threat to public or security interests would be banned, and there would be extra scrutiny of sensitive geographic data.

Businesses would also have to obtain the consent of users before transmitting it overseas.

The draft law follows another passed in November 2016 which formalised a range of controls over firms that handle data in industries the Chinese government labels critical to national interests.

Update: Mandatory Data Breach Notification Laws closer to being introduced

By Cameron Abbott and Allison Wallace

As foreshadowed by the Attorney General’s Department last year, the Australian government is pushing ahead with its plan to introduce mandatory data breach notification laws, with Parliament today agreeing to a third reading of the Privacy Amendment (Notifiable Data Breaches) Bill 2016. You can find more about the proposed legislation here. We’ll keep you updated as the bill makes its way through parliament.

Hackers to take the blame for Census?

By Cameron Abbott and Rebecca Murray

The Australian Bureau of Statistics (ABS) says that the 2016 online census form was subject to “four Denial of Service attacks,” which prompted the ABS to shut down its Census website as a security precaution on Tuesday night. Read the ABS’s media release here.

While the ABS maintains that 2 million forms were successfully submitted and safely stored, thousands of Australians were prevented from taking part in the Census due to the website crash. The ABS has revealed that it believes that the attacks came from overseas and were a deliberate attempt to sabotage the census. However, we are wondering if the entire Australian population accessing the website at the same time might look like a Denial of Service attack in its own right! If ever a system should have been robust enough to cope with such an attack it was this one.

Attorney-General George Brandis has stated that the security measures in place were “more than sufficient to protect individual privacy” and that “the cyber security operations centre has been engaged overnight…and is investigating the matter.”

The biggest cyber security threats experienced by Australian organisations

By Jim Bulling and Michelle Chasser

The Australian Government Australian Cyber Security Centre (ACSC) has released its 2015 Cyber Security Survey: Major Australian Businesses. 149 organisations across a number of sectors, including banking and finance, defence and energy, responded to the survey which provides some interesting insights into cyber security activity and concerns for the future.

According to the survey the top 10 cyber security incidents experienced by respondents on their networks in the previous 12 months were:

  1. ransomware (72%)
  2. malware (66%)
  3. targeted malicious emails (59%)
  4. virus or worm infection (30%)
  5. theft of mobile devices and laptops (30%)
  6. trojan (27%)
  7. remote access trojans (20%)
  8. unauthorised access (25%)
  9. theft or breach of confidential information (23%)
  10. unauthorised access to information from an outsider (17%)

Read More

A New Cyber Regulator on the Beat: The CFPB Issues its First Cybersecurity Order and Fine

By Ted Kornobis

On March 2, 2016, the Consumer Financial Protection Bureau (“CFPB”) instituted its first data security enforcement action, in the form of a consent order against online payment platform Dwolla, Inc.

The CFPB joins several other regulators that have recently issued statements or instituted enforcement actions in this space, including the Securities and Exchange Commission (“SEC”), Commodities Futures Trading Commission (“CFTC”), the Financial Industry Regulatory Authority (“FINRA”), the National Futures Association (“NFA”), the Department of Justice (“DOJ”), state attorneys general, and the Federal Trade Commission (“FTC”), which has been active in this area for several years.

To read more click here.

Breaches Update – June 2015

by Jim Bulling and Julia Baldi

U.S. Office of Personal Management Breach
The U.S.Government’s Office of Personal Management announced that its database has been subject to a cybersecurity breach. Hackers stole data relating to federal government employees dating back three decades and may effect more than four million people.

See the ABC report here and Forbes report here.

The OPM is offering affected individuals credit monitoring services and identity theft insurance. See the OPM announcement here.

Read More

Government Regulation, Legislation and Enforcement Updates

by Jim Bulling and Julia Baldi

Australian Federal Government Cybersecurity Review
The Australian Federal Government holds a Cybersecurity Review.

See the Australian Government’s summary of the review here.

SEC Guidance Update
The SEC’s Investment Management Team published a Guidance Update which outlines measures managed funds and investment advisers may wish to consider in addressing cybersecurity risk. The guidance includes practical tips applicable to Australian entities.

See the Guidance Update here.

Read More

European Union Cybersecurity Dashboard Report

by Jim Bulling and Julia Baldi

The Business Software Alliance, European Union cybersecurity dashboard: A path to a Secure European Cyberspace published by the BSA. The report aims to allow government officials in each of the EU Member States with an opportunity to evaluate their country’s policies against these metrics, as well as their European neighbours. The report is an interesting read for Australian companies holding, or considering holding, data in Europe.

See the report here.

Reports and Surveys Updates

by Jim Bulling and Julia Baldi

The Emergence of Cybersecurity Law Report
The Emergence of Cybersecurity Law report released by Hanover Research outlines trends and strategies in respect of in house counsel’s involvement in companies’ cybersecurity efforts.

See the report here.

Eurobarometer report on cybersecurity
European Commissions publishes special Eurobarometer report on cyber ecurity which shows EU citizens have significant concerns about cybercrime threats.

See the report here.

Government Regulation, Legislation and Enforcement Updates

by Jim Bulling and Julia Baldi

China Introduces new Cybersecurity Laws
China introduced new cybersecurity laws, which require both local and foreign banks and financial institutions with Chinese clients (including Australian financial institutions) to use IT equipment deemed “secure and controllable” by Beijing. The breadth of the laws has upset foreign financial institutions given the potential cost of compliance if foreign entities must implement IT equipment systems in accordance with Chinese directives.

See the Financial Times report here.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.