Tag Archives: Service Provider

China Publishes Draft Measures for Security Review of Network Products and Services

On February 4, 2017, the Cyberspace Administration of China published a draft of its proposed Measures for the Security Review of Network Products and Services. Under the Cybersecurity Law of China, if an operator of key information infrastructure purchases network products and services that may affect national security, a security review is required. The draft is open for comment until March 4, 2017.… Continue Reading

NERC Releases Draft Standard for Cybersecurity Supply Chain Risk Management

On January 19, 2017, the North American Electric Reliability Corporation released a draft Reliability Standard CIP-013-1 – Cyber Security – Supply Chain Risk Management which addresses “supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.”… Continue Reading

Email Privacy Act Reintroduced in Congress

On January 9, 2017, Representatives Kevin Yoder (R-KS) and Jared Polis (D-CO) reintroduced the Email Privacy Act, which would amend the Electronic Communications Privacy Act to require government entities to obtain a warrant, based on probable cause, before accessing the content of any emails or electronic communications stored with third-party service providers, regardless of how long the communications have been held in electronic storage by such providers.… Continue Reading

CJEU Challenges Legality of UK Interceptions Laws

On December 21, 2016, a judgment by the Court of Justice for the European Union that clarifies EU surveillance laws has called into question the legality of the UK’s Investigatory Powers Act 2016. The decision could have significant implications on the UK’s chances of securing “adequacy” status for its data protection regime post-Brexit.… Continue Reading

European Commission Plans to Upgrade e-Privacy Directive to a Regulation

On December 12, 2016, Politico reported that the European Commission intends to replace the e-Privacy Directive with a Regulation. The planned shift from a Directive to a Regulation means that the Regulation will create a harmonized set of requirements at the EU level that are directly applicable in the Member States. … Continue Reading

UK Parliament Approves Investigatory Powers Bill

On November 16, 2016, the UK Investigatory Powers Bill was approved by the UK House of Lords. The draft of the Bill has sparked controversy, as it will hand significant and wide-ranging powers to state surveillance agencies, and has been strongly criticized by some privacy and human rights advocacy groups. … Continue Reading

CISPE Unveils Cloud Providers Code of Conduct

On September 27, 2016, Cloud Infrastructure Services Providers in Europe published its Data Protection Code of Conduct. CISPE, a relatively new coalition of more than 20 cloud infrastructure providers with operations in Europe, has focused the Code on transparency and compliance with EU data protection laws. … Continue Reading

TalkTalk Appeal Against ICO Fine for Late Notification of Data Breach Dismissed by First-Tier Tribunal

On August 30, 2016, the First-tier Tribunal (Information Rights) (the “Tribunal”) dismissed an appeal from UK telecoms company TalkTalk Telecom Group PLC (“TalkTalk”) regarding a monetary penalty notice issued to it on February 17, 2016, by the UK Information Commissioner’s Office (“ICO”). The ICO had issued the monetary penalty notice to TalkTalk, for the amount … Continue Reading

Article 29 Working Party and EDPS Release Opinions on the ePrivacy Directive

On July 25, 2016, the Article 29 Working Party and the European Data Protection Supervisor released their respective Opinions regarding the evaluation and review of Directive 2002/58/EC on privacy and electronic communications. Both the Working Party and the EDPS stressed that new rules should complement the protections available under the EU General Data Protection Regulation. … Continue Reading

China Publishes First Regulation Expressly Regulating Mobile Apps

On June 28, 2016, the State Internet Information Office of the People’s Republic of China published the Administrative Provisions on Information Services for Mobile Internet Applications (the “App Administrative Provisions”). This is the first regulation that expressly regulates mobile apps in the People’s Republic of China. Before the App Administrative Provisions were published, the P.R.C. … Continue Reading

EU Council Adopts the Network and Information Security Directive

On May 17, 2016, the European Council adopted its position at first reading on the Network and Information Security Directive. The NIS Directive was proposed by the European Commission on February 7, 2013, as part of its cybersecurity strategy for the European Union, and is designed to increase cooperation between EU Member States on cybersecurity issues.… Continue Reading

Simulated Attack on Power Grid Highlights Need for Improved Communications

In its third simulated test of the security of the power grid, the North American Reliability Corporation (“NERC”) reported general progress across the electric utility industry in defending against physical and cyber threats, while also identifying several areas for further improvement. The NERC exercise, dubbed GridEx III, took place over two days in November 2015 … Continue Reading

NERC Report Highlights Lessons Learned from Ukraine Electric Utility Cyber Attack

On March 18, 2016, a report was released by a joint team from the North American Electric Reliability Corporation’s Electricity Information Sharing Analysis Center and SANS Industrial Control Systems. According to the report, the cyber attack against a Ukrainian electric utility in December 2015 was based on months of undetected reconnaissance that gave the attackers a sophisticated understanding of the utility’s supervisory control and data acquisition networks. … Continue Reading
LexBlog