On January 19, 2017, the North American Electric Reliability Corporation released a draft Reliability Standard CIP-013-1 – Cyber Security – Supply Chain Risk Management which addresses “supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.”
Continue Reading NERC Releases Draft Standard for Cybersecurity Supply Chain Risk Management
Outsourcing
CISPE Unveils Cloud Providers Code of Conduct
On September 27, 2016, Cloud Infrastructure Services Providers in Europe published its Data Protection Code of Conduct. CISPE, a relatively new coalition of more than 20 cloud infrastructure providers with operations in Europe, has focused the Code on transparency and compliance with EU data protection laws. …
Continue Reading CISPE Unveils Cloud Providers Code of Conduct
Peru Issues Data Protection Regulations
On March 22, 2013, Peru issued the implementing regulations of its new data protection law. The regulations provide detailed rules on a variety of topics, including data transfers, outsourcing, information security, database registration and enforcement.
Continue Reading Peru Issues Data Protection Regulations
Israeli Court Upholds DPA’s Authority to Issue Market Instructions
Reporting from Israel, legal consultant Dr. Omer Tene writes about an important recent decision in which an Israeli court upholds the validity of an instruction issued by the data protection regulator restricting financial institutions from using information about a third party’s attachment of their client’s account for the financial institution’s own purposes.
Continue Reading Israeli Court Upholds DPA’s Authority to Issue Market Instructions
Philippines President Aquino Signs Data Protection Legislation
On August 15, 2012, Philippines President Benigno S. Aquino III signed the Data Privacy Act of 2012.
Continue Reading Philippines President Aquino Signs Data Protection Legislation
FFIEC Issues Statement on Cloud Computing
On July 10, 2012, the Federal Financial Institutions Examination Council released a statement on outsourced cloud computing activities, discussing key risk considerations associated with using third-party vendors to implement cloud computing solutions and identifying applicable risk mitigation considerations contained in the FFIEC IT Examination Handbook. …
Continue Reading FFIEC Issues Statement on Cloud Computing
Article 29 Working Party Issues Opinion on Processor Binding Corporate Rules
On June 6, 2012, the Article 29 Working Party adopted WP 195, setting out the requirements for processor Binding Corporate Rules. The Opinion likely will be welcomed by processors, in particular those that provide large-scale, multinational data processing services. …
Continue Reading Article 29 Working Party Issues Opinion on Processor Binding Corporate Rules
Philippines Passes Omnibus Data Protection Law
On March 20, 2012, the Philippine Senate unanimously approved an EU-style omnibus data protection bill.
Continue Reading Philippines Passes Omnibus Data Protection Law
Outsourcers Exempt from India’s Privacy Regulations
On August 24, 2011, India’s Ministry of Communications & Information Technology issued a clarification regarding India’s new privacy regulations, indicating that outsourcing service providers in India will not need to obtain consent from individuals before processing their data.
…
Continue Reading Outsourcers Exempt from India’s Privacy Regulations
India Drafts New Privacy Regulations
On April 11, 2011, India adopted new privacy regulations that regulate the collection, use and disclosure of personal information and sensitive personal data.
…
Continue Reading India Drafts New Privacy Regulations