Exploring the evolution of cybersecurity and privacy law
In line with the government’s commitments in its 2022 National Cyber Strategy, the Department for Digital, Culture, Media & Sport (DCMS) launched a consultation on 19 January 2022 outlining its proposals for new measures to strengthen the cyber security of businesses in the UK.
The UK government acknowledges that a new legal framework needs…
Last week the Financial Conduct Authority, Prudential Regulation Authority (“PRA“) and Bank of England published a joint policy statement on operational resilience in relation to the impact tolerance of important business services in the financial sector (the “Statement”). The new rules aim to help firms prevent, adapt, respond to, recover and learn…
The New General Law of Data Protection (LGPD) innovates how the personal data must be processed by companies in Brazil. Inspired by the European General Data Protection Regulation (GDPR), the Brazilian law establishes the parameters according to which companies can process personal data, that until then was not properly regulated by applicable legislation. This means…
Following up on its promises to “move forward on regulations strengthening cybersecurity standards for banks’ third-party vendors” and to “expand its information technology examination procedures to focus more attention on cybersecurity” the New York State Department of Financial Services (“DFS”) issued a letter on November 9, 2015, to the Financial and Banking Information Infrastructure Committee…
In one high-profile data breach after another, businesses have learned a hard lesson: A company’s cybersecurity is only as strong as the weakest link in its supply chain. Suppliers often have access to a company’s systems and data, and cyber attackers know it, so companies need to be just as diligent about their suppliers’ cybersecurity…
