Cyber Security Practitioner

Volume: 2 Issue: 10
(October 2016)


News

The Group of Seven industrial powers (‘G7’) published, on 11 October 2016, its guidelines on Fundamental Elements of Cybersecurity for the Financial Sector (‘the Guidelines’). The Guidelines were published following a series of cross-border bank thefts, which continue to threaten ‘interconnected global financial systems and the institutions that operate and support those systems.’ / read more


Features

There were two runners for the prize of the biggest cyber security story in October. / read more

A leading information technology journal recently published an article detailing the risks of cyber security professionals failing to understand the considerations of the General Data Protection Regulation (‘GDPR’). Kevin Murphy, a Cyber Security, Risk and Privacy Specialist, found it striking that the article author contained their discussion exclusively to cyber security professionals. Is this where responsibility for personal information (‘PI’) ends? Can we be sure the provisions of the GDPR are confined to specific roles or business areas? Who is ultimately accountable for ensuring PI is managed effectively in an organisation? In this article, Kevin’s purpose is to answer these questions and argue that in the digital age the traditional concepts of responsibility and accountability can no longer apply. / read more

Twelve months on from the first reports of the TalkTalk data breach, the Information Commissioner’s Office (‘ICO’) has issued TalkTalk with a record fine of £400,000 for its breaches of the Data Protection Act 1998 (‘DPA’). The TalkTalk breach is the largest data breach that has ever come to light. In this article, Emma Wright and Krysia Oastler of Kemp Little: distil the TalkTalk monetary penalty notice for its breaches of the DPA together with the decision of the First-Tier Tribunal to dismiss TalkTalk’s appeal against the monetary penalty notice for a failure by TalkTalk to notify the ICO of a personal data breach in accordance with the necessary timescales; and set out five key lessons to be learnt, in order to minimise the risks and impact of a data breach on a business. / read more

On 14 September 2016 the UK’s National Audit Office published ‘Protecting information across government,’ (‘Report’) which looked at the UK Government Cabinet Office’s role in coordinating and leading departments’ efforts to protect their information. Mark Symons of Pitmans LLP discusses the key findings from the Report, which indicates some alarming cyber security weaknesses at Government level. The NAO's Report casts a glaring searchlight on whether the cyber security of Government in the UK can meet increasing threats; moreover, it shows some very serious cyber security weaknesses. It is compulsory bedtime reading for terrorists, spies, criminals and hackers. / read more

Can a merchant who in the course of doing business offers customers free and open access to a Wi-Fi network, be held liable for copyright infringements committed by a customer through that Wi-Fi network? Can a merchant be subject to an injunction that requires that WiFi network to be accessed with a password or to exercise control over the content transmitted through it? In this article, Barbara Sartori and Letizia Tomada of CBA Studio Legale e Tributario explore these questions, which were recently answered by the Court of Justice of the European Union (‘CJEU’) on 15 September 2016, following the opinion delivered on 16 March 2016 by Advocate General Szpunar, in case C-484/14 Tobias McFadden v. Sony Music Entertainment Germany GmbH. / read more

The countdown to the application of the EU General Data Protection Regulation (‘GDPR’) has begun, and organisations must be aware that there are new and additional requirements regarding the collection, processing, storage and use of personal data. Provisions in the GDPR include those in relation to data security, and organisations are required to implement appropriate technical and organisational measures to achieve data integrity and confidentiality. Christian Leuthner of Olswang LLP looks at the data security provisions within the GDPR and how businesses should go about operationalising the GDPR from a cyber security perspective. / read more

A little more than a month ago on 13 September 2016, California Governor Jerry Brown approved Assembly Bill 2828 and thereby initiated important, and potentially far-reaching changes, to California’s landmark data breach notification statute. California passed the nation’s first data breach notification statute in 2002. The statute is set forth in two essentially identical sections of the California Civil Code. Civil Code § 1798.29 sets forth the breach notification requirements for California Governmental agencies, while the provisions in Code § 1798.82 describe identical requirements for private businesses and individuals doing business in California. For purposes of clarity and convenience, Joseph M. Burton, Partner at Duane Morris LLP, discusses the requirements applicable to businesses. / read more


About Cyber Security Practitioner:

Cyber Security Practitioner, the most recently launched monthly publication from Cecile Park Media, provides a multi-disciplinary view on the cyber security challenges facing global businesses and delivers insight into operational change. It covers cyber security regulation, data breach, data security, cyber risk, cyber crime, ethical hacking, privacy and data protection, cyber infrastructure, technical solutions, risk management, information assurance, security standards, liability, consumer protection, ransomware and other cyber threats, cyber insurance... /read more

Search Publication Archives



Our publication archives contain all of our articles.
Can’t find what you are looking for?
Try an Advanced Search

Log in to cyber security practitioner
Subscribe to cyber security practitioner
Register for a Free Trial to cyber security practitioner
Sign up for e-mail alerts
cyber security practitioner Pricing

Social Media

Follow cyber security practitioner on TwitterView cyber security practitioner LinkedIn Profilecyber security practitioner RSS Feed