Regulation News, Articles and Updates

US FCC to repeal net neutrality, could increase cyber-security threats

The commission decided today to repeal the regulations put in place under the Obama administration, prompting criticism that the move would not only choke freedom but would compromise security and privacy.

The General Data Protection Regulation (GDPR) - what you need to know

May 2018 signals a watershed moment for data protection regulation, which should be seen as an opportunity for greater emphasis to be afforded to information security, and the processes that support this across organisations.

Uber hid massive hack compromising data of 57M for a year

For more than a year, even as it negotiated with regulators in the US over privacy infractions, Uber hid a massive hack that resulted in cyber-thieves pilfering the personal information of 57 million customers and drivers.

The three certainties in life: death, taxes and GDPR

As the GDPR clock ticks down to implementation, it is clear that this will not be a non-event like the Millennium Bug - it will happen and there will be dire consequences, potentially company-closures, in the event of non-compliance.

FIDO promotes device-based unified authentication standards

The FIDO Europe Working Group launched today with the aim of accelerating the use of FIDO authentication standards in Europe. SC Media UK spoke to Alain Martin, co-chair of the new FIDO Europe Working Group.

The minimum you need to do before GDPR goes live: 4 stages to compliance

GDPR: It's important to put data intelligence tools in place that will allow you not only to conduct an audit of the data you have collected in the past but also address compliance in the future, says Rob Perry.

Regulatory compliance: Are small-to-medium sized businesses ready?

SMBs in the UK with operations or supply chain in the EU need to focus their attention on GDPR and security posture; there is a level of scrutiny around data management that many SMBs are unlikely to have experienced before.

Privacy update: accountability for your data practices. Honesty enforced

GDPR - Process change is just the beginning, but more interestingly we will see new technologies and use-cases being born and blossoming that we can't yet imagine, says Todd Ruback.

Homes and Communities Agency breach reported to ICO

Ahead of GDPR, even minor breaches are now being reported, with the UK government agency, the Homes and Communities Agency, notifying the ICO of a limited breach of its information security policy on Monday 9 October.

Equifax breach: lessons ahead of GDPR, be ready to report when it happens

Under GDPR, organisations must notify customers and authorities of a breach within 72 hours of becoming aware of the attack. James Barrett suggests this will transform how breaches are handled, including by companies like Equifax.

IP Expo: GDPR - "All of us will carry a quantum of illegality"

GDPR is built on the assumption that people are better prepared than they are, so we will fail to comply, therefore take a risk-based approach and focus on the things that matter.

Kaspersky US government ban - what are the reasons behind the decision?

What is the basis for the ban on Kaspersky products being used by US government authorities? Is it retaliation for Russia's foreign software ban, fear of potential government pressure, intelligence on actual threats - or prejudice?

Government acts to restrict anonymous communications - legally

Commercial multi-user gateways may only be licensed where the supplier can demonstrate that callers can be identified following Security Minister direction to Ofcom to ensure government access to information.

Coming, ready or not: The cost of GDPR non-compliance

Implementation of GDPR could potentially spell the end of almost one in five European businesses says Petter Nordwall, particularly if regulators come out swinging and impose maximum fines for data breaches.

GDPR - Are you perhaps thinking "What's all the fuss about?"

Ignoring GDPR is not an option. Richard Menear notes how history has shown us that the regulators will be looking for a few companies where they can impose a big fine to set an example for the rest of the industry.

US Kaspersky ban draws Kremlin rebuke, raises concerns among users

The US government's decision to ban Kaspersky Lab security software raised concerns from users over their own Kaspersky purchases and drew a sharp rebuke from the Kremlin about anti-competitive practices.

New UK data protection bill to be published tomorrow

Tomorrow the UK's new Data Protection Bill is to be published as part of a multi-billion pound National Cyber Security Strategy.

EU says prior permission required to monitor staff electronic communications

Organisations will have to ask permission first before being allowed to conduct electronic monitoring of staff.

Crunch time for GDPR - how to prepare. Eight steps to compliance.

All organisations based at least partially online and handling data across the EU must comply with the new GDPR rules, yet 69 percent of UK businesses are not ready. Being unprepared is dangerous, warns Dr Jamie Graves.

ICYMI: UK regs; AI weaponised?; Malwaretech; Mandiant; WiFi weak

In Case You Missed It: UK data protection; Is AI weaponised?; Is Malwaretech innocent?; Mandiant leak; WiFi vulnerabilities

Poor staff monitoring sees £100k fine for TalkTalk 21,000 record breach

The Information Commissioner's Office (ICO) fined TalkTalk Telecom Group PLC £100,000 because it did not have appropriate technical or organisational measures in place to keep personal data secure.

£17 million fines for CNI companies under proposed EU SNIS plans

Under an (NIS) directive being adopted by the UK, CNI providers will face fines of £17 million or up to four percent of annual turnover if they fail to protect critical infrastructure from loss of services due to cyber-attacks.

Updated: Guidelines to ensure vehicle design includes cyber-security

The UK government has issued a range of guidelines designed to ensure vehicle design includes cyber-security at all stages of development.

ICYMI: Crypto-crash; privacy shield; AI-weapons; Alexa, Swedish breach

In Case You Missed It: Rudd crypto-crash; privacy shield invalid; AI weaponised?; Alexa pwned; Swedish breach fallout

FCA advises firm to record comms under Mifid II, GDPR troubles ahead?

When you've got one law that requires more data collection, and another which requires less, there's debate over whether the two might collide.

Facing up to reality: why nation state hacking isn't going away

While states are likely to support the idea of a Geneva Convention for cyber-warfare and espionage, it is not likely to be observed when it's so difficult to verify attribution.

UK Information Commissioner makes consumer privacy "top priority"

In a speech at the ICO's annual Data Protection Practitioners Conference in Manchester, the information commissioner said GDPR is bringing about a major culture change, and companies should strive to make the handling of customer data a top priority.

European banking breach guidelines more strict than EU GDPR

Guidelines to payment service providers, supplied by the European Central Bank, call for reporting of a breach within two hours compared to the EU GDPR requirement for reporting within 72 hours.

South African debate on tackling cyber-crime heats up

South Africa is encouraging input into its national Cyber Crimes and Cyber Security bill designed to tackle soaring cyber-crime in the country.