Cyber Security Practitioner

Volume: 2 Issue: 7
(July 2016)


News

The UK looks set to follow EU law in the area of cyber security closely despite the forthcoming Brexit, with the recent passing of the EU General Data Protection Regulation (‘GDPR’) - set to take effect on 25 May 2018 - and the EU Network and Information Security Directive (‘NIS Directive’), which was adopted on 6 July 2016 and which is set to be transposed into Member State law by May 2018. / read more

The UK’s Department of Health has launched a public consultation on the proposed data security standards and new consent/opt-out model for data sharing in the NHS, which was set out in Dame Fiona Caldicott’s Review of Data Security, Consent and Opt-Outs, published on 6 July 2016. / read more

The European Commission (‘EC’) announced, on 5 July 2016, the launch of a new public-private partnership on cyber security to prevent and tackle cyber attacks and strengthen the competitiveness of the cyber security sector. It announced that it will look into a possible European certification framework for ICT security products to prevent market fragmentation and avoid companies undergoing several certification processes. / read more

The US Court of Appeals for the Ninth Circuit upheld convictions on 5 July 2016 against David Nosal for knowingly and with intent to defraud accessing a protected computer ‘without authorization’ in violation of the Computer Fraud and Abuse Act (‘CFAA’), for using an employee’s password to access his previous firm’s computers to obtain information to help set up his own business. The panel ruled that Nosal acted ‘without authorization’ even though the employee, his former secretary, had voluntarily provided her password, and despite the dissenting opinion expressed by Judge Reinhardt that such reasoning could cover the sharing of passwords more generally and transform “millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals.” / read more

On 19 July 2016, Advocate General Saugmandsgaard Øe (‘AG’) of the European Court of Justice (‘ECJ’) issued his Opinion in Joined Cases C-203/15 Tele2 Sverige AB v. Post- och telestyrelsen and C-698/15 Secretary of State for the Home Department v. Tom Watson and Others, stating that the retention of data about communications such as date, time and durational information is only legal if strictly circumscribed by a series of legal safeguards, including that any retention is made pursuant to tackling serious crime. The AG’s non-binding Opinion follows an action brought by the UK’s Deputy Labour Leader, Tom Watson, and the new UK Brexit minister David Davis in December 2014, when legal proceedings were brought against the Secretary of State for the Home Department, with a substantive hearing granted at the UK High Court in June 2015. The High Court then ruled that both sections 1 and 2 of the UK’s Data Retention and Investigatory Powers Act 2014 (‘DRIPA’) were unlawful, a ruling which was challenged by the then Home Secretary, Theresa May. When the case was referred to the Court of Appeal, the ECJ was asked to clarify the impact of an earlier ruling, known as Digital Rights Ireland and Others (C-293/12), where the Data Retention Directive was declared invalid. David Davis has since removed his name from all legal proceedings as a result of being asked to join the current government by the previous Home Secretary. / read more

The US Government released on 26 July 2016 a Directive on Cyber Incident Coordination for emergency responses to cyber attacks (‘PPD-41’), a presidential policy directive which inter alia will assist in coordinating the US Government’s response to cyber incidents and provide guidance for organisations within the private sector that have experienced a cyber attack as to how they can obtain federal assistance. / read more

The Australian Minister for Justice announced on 9 August 2016 that a cyber team to target terrorist financing and financial crime has been established by AUSTRAC - Australia’s primary financial intelligence agency. This follows the commencement of the Australian Government’s Cyber Security Strategy, announced on 21 April 2016, and responds to certain recommendations from the Australian Government’s AML/CTF review in the same month. / read more

Pakistan’s National Assembly passed the Prevention of Electronic Crimes Act 2016 (‘PECA’) on 11 August 2016, following calls for a functional law on cyber crime; PECA adds new offences such as computer hacking and cyber terrorism to the criminal justice system. Despite its intentions, PECA has been widely criticised as vague and unclear. / read more

The City of London Police force (‘COLP’) is to begin a new scheme to tackle fraud, including cyber fraud, which will involve police handing fraud suspects’ details to external law firms, who will then pursue the recovery of the proceeds of the crime through the civil courts; the scheme was reported on The Guardian website on 14 August 2016. / read more


Features

To very little fanfare in the UK - perhaps because the Brexit vote has already altered our feelings about the importance of EU legislation - the Network and Information Security Directive (‘NIS Directive’) overcame its final obstacle earlier this month, when it was voted through by the European Parliament. We can expect it to come into force in 2018, around the time of the EU General Data Protection Regulation (‘GDPR’). If the current talk about when the UK will trigger Article 50 of the Lisbon Treaty is correct, in the early New Year, then, like the GDPR, the NIS Directive will be law in the UK for a good six months at least. / read more

The UK’s House of Commons Culture, Media and Sport Committee (‘CMSC’) has recently published its report on cyber security and data protection. The report, entitled Cyber Security: Protection of Personal Data Online (the ‘Report’), considers the evolving landscape of cyber crime and, in particular, the recent cyber attacks against the websites of telecommunications and internet service provider TalkTalk Telecom Group Plc in October 2015. Philip James, Partner at Sheridans, discusses the Report in detail and considers the recommendations made by the CMSC following the TalkTalk cyber attack. / read more

Cyber crime knows no borders. For this reason the vote by the European Parliament on 6 July 2016 to adopt the new Directive on Security of Network and Information Systems (the ‘NIS Directive’) is a significant one. The NIS Directive promises to support and facilitate strategic cooperation between Member States of the European Union, including through the exchange of information. It builds on and fills gaps in the European Union’s existing Directive (and forthcoming Regulation) on data protection. But in the wake of the UK’s referendum and decision to leave the European Union, James Walsh, Ian Hargreaves and Robert Bolgar-Smith of King & Wood Mallesons LLP ask what will become of the world’s first true inter-governmental initiative on cyber security, and what governments and businesses should be doing to prepare. / read more

Daniel C. Nelson of Armstrong Teasdale discusses the nuances of the recent court rulings in the US concerning class action lawsuits brought against Ashley Madison following the hack that saw the personal information of Ashley Madison subscribers posted online. / read more

The Singapore press recently reported that the Government has taken the decision to restrict internet access in the public sector, which has sparked a debate concerning cyber security in Singapore. Critics fear that this is a step backwards that could hinder Singapore’s Smart Nation vision, whilst other cyber security experts support the plan. In this article, Bryan Tan, a Partner at Pinsent Masons and Member of the Internet Society, Singapore Chapter, and Benjamin Ang, Senior Fellow at the Centre of Excellence for National Security, S. Rajaratnam School of International Studies, Nanyang Technological University, and Member of the Internet Society, Singapore Chapter, examine the legal and policy background of this move, and explore some of its implications. / read more


About Cyber Security Practitioner:

Cyber Security Practitioner, the most recently launched monthly publication from Cecile Park Media, provides a multi-disciplinary view on the cyber security challenges facing global businesses and delivers insight into operational change. It covers cyber security regulation, data breach, data security, cyber risk, cyber crime, ethical hacking, privacy and data protection, cyber infrastructure, technical solutions, risk management, information assurance, security standards, liability, consumer protection, ransomware and other cyber threats, cyber insurance... /read more
