By Tim Stratford and Yan Luo

China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released seven draft national standards related to cybersecurity and data privacy for public comment on December 21, 2016.  The public comment period runs until February 2, 2017.

These new draft standards are:

  • Information Security Technology – Personal Information Security Specification
  • Information Security Technology – Implementation Guide for Cybersecurity Classified Protection
  • Information Security Technology – Security Capability Requirements for Big Data Services
  • Information Security Technology – Guide for Security Risk Assessment of Industrial Control Systems
  • Information Security Technology —Security Technique Requirements and Test Evaluation Approaches for Industrial Control Network Monitoring
  • Information Security Technology — Technique Requirements and Testing and Evaluation Approaches For Industrial Control System Vulnerability Detection
  • Information Security Technology – Testing and Evaluation Methods for the Security of Hardcopy Devices


Continue Reading China Seeks Comment on Seven Draft Cybersecurity and Data Privacy National Standards

Senators Feinstein (D-CA) and Burr (R-NC) introduced legislation today that would impose reporting duties on entities that “obtain[] actual knowledge of any terrorist activity.”  The bill applies to entities “engaged in providing an electronic communication service or a remote computing service to the public,” which includes social media companies.  Those entities are required to report

On 1 April, 2012, the UK press reported that the UK Home Office is preparing to propose new legislative reform of the communications data monitoring law, in the Queen’s Speech in May.  The press reports, and the response from the Home Office on 3 April 2012, provided some further details on a programme that was first announced (without detail) by the current Government in October 2010 in the Strategic Defence and Security Review.  The programme, which resembles a predecessor plan under the prior Labour Government named the “Interception Modernisation Programme”, is now known as the “Communications Capability Development Programme” (CCDP). 

Continue Reading UK Government prepares new legislative proposal to modernise communications data monitoring law