Cyber Insurance, Privacy and Data Security Newsletter – June 2014
Published 17 June 2014
As the implementation of the European Data Protection Regulation drops further behind schedule, one could be forgiven for thinking that all is quiet on the cyber risk insurance front. The draft Regulation is often cited as the awaited trigger for the cyber risk insurance market in Europe. However, recent developments show a greater awareness of, and need for, tighter security standards even in the absence of any formal change in the law, which could prompt greater interest in risk mitigation strategies and the purchase of insurance.
Last month, the ICO issued a report on the top 8 reasons for IT security failures which have given rise to the most serious breaches that have been investigated by the ICO. Whilst the aptly titled report "learning from the mistakes of others" is not legally binding, it will be interesting to see whether sanctions will be higher for organisations that fail to learn from those mistakes. The UK government has also recently launched its Cyber Essentials scheme, an accredited certification scheme aimed at mitigating the most common internet-based threats to cyber security. It seems, therefore, that rather than being the year of the Regulation, 2014 is set to be the 'year of the cyber standard'.
As always, cyber breaches are never far from the headlines and this month is no exception. eBay is the latest high-profile victim of an attack on a massive scale, highlighting that even the most sophisticated of organisations can fall victim.
Information Technology and Data Protection Legislation
Click to read more on each of the developments:
- U.S. Court Ruling on Microsoft data stored overseas
- ICO updates guidance on the difference between Data Controllers and Data Processors
- Global Privacy Enforcement Network announces annual enforcement sweep
- American Apparel settles with FTC following false claims it was compliant with EU Safe Harbor Framework
- ICO issues new IT Security Guidance
- ICO releases revised CCTV Code of Practice
- Court of Justice of the European Union ("CJEU") hands down landmark judgement against Google
- Direct Marketing Association ("DMA") clarifies ICO guidance on Direct Marketing
- eBay suffers major Data Protection breach
- ICO undertakings issued - May 2014