
Author: Hogan Lovells International LLP

SFC Proposes Baseline Cyber Security Requirements for Internet Trading

The Hong Kong Securities and Futures Commission (“SFC”) has issued a paper containing proposals to introduce cyber security guidelines under the Securities and Futures Ordinance (the “SFO”) applicable to internet brokers (the “Cyber Security Consultation Paper”). Comments are open through 7 July 2017. The Cyber Security Consultation Paper reflects a sharpening of focus by the SFC on cyber security issues. The SFC notes that in the 18 months up to 31 March 2017, 12 licensed corporations reported 27 cyber incidents – the majority involving access to clients’ trading accounts. These incidents resulted in unauthorised trades to the value of...


Combatting the Massive Wave of WannaCry Ransomware

Major companies, health care organizations and government agencies are facing a wave of cyberattacks involving ransomware that takes control of computers and denies access until a ransom is paid. These attacks are occurring on a global scale and in some cases are having a significant impact on business and healthcare operations. The cyberattack has disrupted targets throughout the world from Britain’s National Health Service to US Fortune 500 companies, the Russian Foreign Ministry, and universities in China.

Protecting Against the Threat

Security measures that can be taken to help protect against the threat are evolving as more information becomes...


Upcoming Webinar on Cybersecurity & the Internet of Things

“Connected” products—not just traditional IT products—are increasingly subject to cyber attacks globally. The question companies are (and should be) asking is no longer whether there will be an attack involving Internet of Things (IoT) devices and infrastructure, but when. Join us on May 24 for the third installment of our 2017 IoT webinar series and get practical guidance from our international team of cybersecurity lawyers, who will present key elements of Hogan Lovells’ well-received client workshop on this rapidly evolving topic. In this complimentary webinar, Michelle Kisloff, Mark Parsons, Harriet Pearson, Paul Otto, and Martin Strauch of Hogan Lovells’...


UK Parliament Passes New Digital Economy Act

The Digital Economy Bill passed into UK law last Thursday 27 April 2017 amidst the flurry of activity known as the “wash up” period before the dissolution of Parliament and ahead of the early general election in the UK to be held on 8 June. The Digital Economy Act introduces measures to “modernise the UK for enterprise,” and includes plans for public sector data sharing, direct marketing and age verification for online pornography, amongst other measures. An overview of these measures is set forth in this post. As most of the measures rely on further codes of practice that...


German Parliament Passes New Federal Data Protection Act

On 27 April 2017 the German Parliament passed an entirely new Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The new BDSG replaces the old BDSG, which has been in force for the last 40 years. The new BDSG is meant to adapt German law to the provisions of the EU General Data Protection Regulation (GDPR). The new BDSG will now form the basis for the adaptation of German acts to the GDPR. Further acts concerning special processing situations like social security data protection are likely to follow. Companies operating in Germany should analyze the BDSG requirements and make sure that...


Article 29 Working Party Issues Guidance on Data Protection Impact Assessments

The steady trickle of GDPR guidance from the Article 29 Working Party continues. Fresh from finalising its guidance on data portability, lead supervisory authorities and data protection officers, the Working Party has published draft guidance on data protection impact assessments (DPIA), the full text of which is available on the Working Party website. Comments can be submitted to the Working Party by 23 May 2017, after which the guidance will be finalised.

When to Carry out a DPIA

DPIAs are a key part of the GDPR accountability principle, and have to be carried out if a processing activity is...


State of the Cyber Nation: UK Government Report on Cybersecurity Breaches

On 19 April 2017, the UK Government’s Department for Culture, Media and Sport (DCMS) published a report on cybersecurity breaches and how they affected UK companies in the last year. Headline statistics from the report include:

  • 61% of businesses hold personal data electronically;
  • 46% of all UK businesses identified at least one cybersecurity breach in the past year, rising to 51% of those that hold personal data on customers, 66% amongst medium-sized firms and 68% amongst large firms;
  • The most common breaches involved members of staff receiving fraudulent emails.

This demonstrates that technical measures can only take an organisation so...


FCC Privacy Rules Break New Ground

The Federal Communications Commission’s (FCC) long-awaited – and much debated – privacy rules for Internet Service Providers (ISPs) have now been adopted. The agency approved the rules by a 3-2 vote along political party lines last Thursday. Several of the FCC requirements are particularly notable for being more restrictive than the Federal Trade Commission’s (FTC) standards for consumer online privacy. In this post we provide an overview of some of the new FCC rules and highlight key areas where the FCC’s requirements diverge from the FTC’s framework.

Requirements for ISPs

Although the full text of the FCC’s decision has not yet been released, an agency fact sheet provides details on some of the key requirements:

Transparency. The rules require ISPs, whether they offer mobile broadband or fixed broadband services, to: (1) notify customers about what types of information the ISP collects about customers; (2) specify how and for what purposes the ISP uses and shares this information; and (3) identify the types of entities with which the ISP shares this information.

Consumer Choice. ISPs must obtain opt-in consent to use and share “sensitive information” such as precise geolocation information, web browsing history, app usage history, the content of communications, and health information. ISPs must also provide consumers an ability to opt out of the use and sharing of non-sensitive information. Certain exceptions to these consent standards are provided,...
