On January 19, 2017, the North American Electric Reliability Corporation released a draft Reliability Standard CIP-013-1 – Cyber Security – Supply Chain Risk Management which addresses “supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.”
Continue Reading NERC Releases Draft Standard for Cybersecurity Supply Chain Risk Management

Reporting from Israel, legal consultant Dr. Omer Tene writes about an important recent decision in which an Israeli court upholds the validity of an instruction issued by the data protection regulator restricting financial institutions from using information about a third party’s attachment of their client’s account for the financial institution’s own purposes.
Continue Reading Israeli Court Upholds DPA’s Authority to Issue Market Instructions

On July 10, 2012, the Federal Financial Institutions Examination Council released a statement on outsourced cloud computing activities, discussing key risk considerations associated with using third-party vendors to implement cloud computing solutions and identifying applicable risk mitigation considerations contained in the FFIEC IT Examination Handbook.
Continue Reading FFIEC Issues Statement on Cloud Computing

On June 6, 2012, the Article 29 Working Party adopted WP 195, setting out the requirements for processor Binding Corporate Rules. The Opinion likely will be welcomed by processors, in particular those that provide large-scale, multinational data processing services.
Continue Reading Article 29 Working Party Issues Opinion on Processor Binding Corporate Rules