Tag archives: Security

UK NIS Regulations impose new cybersecurity obligations (and a new penalties regime) on operators of essential services and digital service providers in the UK

Data Protection Report - Norton Rose Fulbright

The UK NIS Regulations (implementing the NIS Directive) come into force in the UK today (10 May 2018). These Regulations have received limited press attention, in part due to the emphasis that has been placed on GDPR implementation. However, the NIS Regulations represent a significant change in the legal environment relating to cybersecurity in the UK.…

FTC Orders PCI DSS Compliance Reports

The Federal Trade Commission (FTC) has ordered nine companies to file Special Reports detailing how they assess their clients’ compliance with Payment Card Industry Data Security Standards (PCI DSS). Payment card issuing companies require businesses that process over one million card transactions per year to undergo PCI DSS compliance assessments, or audits, performed by PCI Qualified Security Assessors (QSAs), to ensure that the businesses comply with PCI DSS and are adequately protecting their customers’ sensitive personal information. The Order includes a laundry list of requests related to the targeted companies’ PCI DSS assessment process, from the bidding for and staffing …

U.S. Department of Defense issues interim rule imposing network penetration reporting requirements and addressing cybersecurity of cloud computing services

On August 25, 2015, the Department of Defense (“DoD”) issued interim rule DARS-2015-0039, which amends the Defense Federal Acquisition Regulation Supplement (“DFARS”) to implement a network penetration reporting requirement for contractors. Additionally, this rule implements DoD policy on the purchase of cloud computing services.…

The Security, Privacy and Legal Implications of the Internet of Things (“IoT”) Part one – The Context and Use of IoT

Disrupted, yet again. The world is fast preparing for the invasion of objects connected to the Internet, otherwise known as the Internet of Things (“IoT”).

IoT is here, and it will revolutionize how both individuals and corporations interact with the world. In this multi-part series we will explore this quickly evolving revolution and the privacy and security legal issues and risks that corporations will have to address in order to leverage IoT and move the world into a new reality. Part One of this series provides background and context surrounding IoT and highlights the legal issues organizations seeking to leverage …

The “EMV Liability Shift” Is Coming (What Merchants Need to Know)

Currently, almost half of the world’s credit card fraud happens in the U.S., where magnetic stripe technology is the standard. Outside the U.S., an estimated 40% of the world’s cards and 70% of the terminals already use the EMV technology. These countries are reporting significantly lower counterfeit fraud levels with EMV cards than with the magnetic stripe cards.

By October 1, 2015, many people in the U.S. who use credit cards will likely notice changes when they pay for purchases at retail stores. The reason for the change is the “EMV liability shift” scheduled to occur on October …

FTC issues new privacy and security report on the internet of things

In advance of what will likely be a flood of interconnected devices soon to hit the market, the Federal Trade Commission (“FTC”) today announced the release of a new report on the Internet of Things (the “Report”). Focusing on privacy and security, the FTC makes several suggestions to companies developing Internet of Things devices that are marketed to consumers.

Highlights of the Report include the following:

  • risk assessment: prior to and during development of a connected device, the FTC believes that companies should assess the risk that the device and its data could be compromised.  Security protocols can then

Sharing Cyber Threat Information: A Legal Perspective (ISSA Journal Article)

The ISSA Journal recently included an article, Sharing Cyber Threat Information: A Legal Perspective, authored by Utsav Mathur and me (David Navetta), concerning potential legal risks associated with intra-industry sharing of cyber-threat information. The article summarizes recent efforts by the US government to encourage more information sharing concerning cyber threats and data-security incidents within industries. Recent Department of Justice and Federal Trade Commission policy statements provide guidance concerning the antitrust legal risks associated with such sharing and how companies may reduce that risk. In addition, a DOJ press release from October 2014 addressed similar issues and cleared …