Tag Archives: International

UK Government Proposes Cybersecurity Law with Serious Fines

Earlier this month, the UK Government published a consultation on plans to implement the EU Directive on security of network and information systems (the “NIS Directive”, otherwise known as the Cybersecurity Directive).  The consultation includes a proposal to fine firms that fail to implement “appropriate and proportionate security measures” up to EUR 20 million or … Continue Reading

Central Bank of Kenya Issues Guidance Note on Cybersecurity

On August 18, 2017, the Central Bank of Kenya (“CBK”) used its authority under Section 33(4) of the Banking Act to publish a Guidance Note on identifying and mitigating cyber risk.  The Guidance Note directs institutions licensed under the Banking Act (Cap. 488) (“Institutions”) to develop and implement a comprehensive set of program requirements to … Continue Reading

EU Cyber Security Directive To Enter Into Force In August

The EU Network and Information Security (NIS) Directive now looks likely to enter into force in August of this year.  Member States will then have 21 months to implement it into national law before the new security and incident notification obligations will start to apply to the following entities: designated* “operators of essential services” within … Continue Reading

European Institutions Reach Agreement on EU Cybersecurity Rules

On December 7, 2015, the European institutions reached an informal agreement on the EU Network and Information Security (NIS) Directive — dubbed the Cybersecurity Directive (see press release from the Council).  Among other things, the NIS Directive imposes security and incident reporting obligations on operators of essential services in critical sectors and on some digital … Continue Reading

Fraud Investigators Imprisoned for Illegally Collecting Personal Data in China

By Eric Carlson and Scott Livingston On Friday, August 8, 2014, a Chinese court convicted British fraud investigator Peter Humphrey and his wife, Yu Yingzeng, a naturalized US citizen, of illegally obtaining personal information.  Mr. Humphrey was sentenced to two and a half years in prison and fined RMB 200,000 (about US $32,000); Ms. Yu … Continue Reading

Covington to Discuss Cyber Warfare at #SXSW 2014

Kristen Eichensehr, a member of Covington’s Global Privacy and Data Security Practice Group, will be speaking at a panel entitled “Intangible Weapons, Invisible Enemies” at the South By Southwest (“SXSW”) Interactive conference this Sunday, March 9.  Joined by University of Texas Law School Professor Derek Jinks, Kristen will discuss the nature of cyber warfare, if … Continue Reading

Sweden Hit with €3M Penalty Payment For Delay in Transposing Data Retention Directive

By Kristi Cercone & Monika Kuschewsky On Thursday, the Court of Justice of the EU ordered Sweden to pay a lump sum of €3 million for failure to transpose the EU’s Data Retention Directive (the “Directive”) into national law within the prescribed period.  The Directive obliges electronic communications service providers to store information about communications … Continue Reading

Progress Report on the Proposed EU Network and Information Security Directive

By Mark Young and Oliver Grazebrook The Irish Presidency of the Council of the EU has published a progress report on negotiations at Member State level on the EU CyberSecurity Strategy and proposed EU Directive on Network and Information Security (“NIS Directive”).  As we summarised in this post, if enacted in its current form, the … Continue Reading

UK Government Calls for Evidence on EU Directive on Network and Information Security

To help prepare an impact assessment on the potential effects in the UK of the proposed EU Directive on Network and Information Security (“NIS Directive”), the UK Government has launched a call for evidence to gather data.  As we summarised in this post, if enacted in its current form, the NIS Directive will require companies … Continue Reading

Supreme Court Hears Oral Argument on Standing Issue in Challenge to FISA Amendments Act of 2008

By Alex Berengaut On Monday, October 29, the Supreme Court heard oral argument in Clapper v. Amnesty International (No. 11-1025), a challenge brought by the American Civil Liberties Union (ACLU) against the FISA Amendments Act (FAA) of 2008.  The FAA amended the Foreign Intelligence Surveillance Act (FISA) of 1978 by authorizing new procedures for electronic … Continue Reading

Cayman Islands launch consultation on new Data Protection Bill

On 4 September, 2012, the Cayman Islands’ Data Protection Working Group (DPWG) released a consultation paper, inviting comments from the public on the draft Cayman Islands Data Protection Bill 2012. The Bill, which is modelled on the European Framework Data Protection Directive 95/46/EC, aims to protect individuals’ rights regarding the collection and use of personal … Continue Reading

European Commission Issues Implementing Decision Finding Uruguay’s Data Protection Laws Provide Adequate Protection for Personal Data Transferred from EU

On 21 August 2012, the European Commission issued an Implementing Decision (the “Decision”) confirming that the Eastern Republic of Uruguay provides an adequate level of protection for personal data transferred from the European Union.  The effect of the Decision is to allow organizations established in European Member States to transfer personal data to organizations in … Continue Reading

ABA Urges U.S. Courts to Respect Foreign Data Protection Laws

Last week, the American Bar Association adopted a rule calling on U.S. courts to “consider and respect, as appropriate, the data protection and privacy laws of any applicable foreign sovereign . . . with regard to data sought in discovery in civil litigation.”  In an extensive report accompanying the new rule, the ABA detailed the … Continue Reading

Costa Rica Adopts Data Protection Legislation

On 5 September 2011,  Costa Rica adopted a new data protection law, the “Law on the Protection of Individuals Against the Processing of Personal Data”.   The Law aims to protect the fundamental right to information self-determination of any person, regardless of nationality, residence or domicile.  Costa Rica is now the seventh country in Central and … Continue Reading

Hungary Enacts New Privacy Legislation

By Dan Cooper and Helena Marttila On 11th of July, 2011, Hungary adopted a new data privacy law (Act CXII of 2011 on Informational Self-Determination and Freedom of Information) (the “Act”), which will enter into force on 1 January 2012. The main changes brought about by the Act are briefly discussed below:… Continue Reading

South Korea Plans to End “Real Name” Web Requirements

The South Korean Ministry of Public Administration and Security reiterated support this week for its plans to abolish legislation that requires Internet users on social networks to use their real names on websites.  Currently, the law requires websites with more than 100,000 visitors per day to require users to register with their real names.  In … Continue Reading

Peruvian President Signs Privacy Law

On July 2, 2011 Peruvian President Alan Garcia signed into law the country’s Personal Data Protection Law (Ley de Protección de Datos Personales, Proyecto de Ley, available here), making Peru the latest Latin American country to adopt European-style privacy legislation. Peru is expected to develop implementing regulations to the new law in the coming months. … Continue Reading

Qatar Seeks Views on Draft Privacy Law

Qatar has published a first version of its new Personal Information Privacy Protection Law. This is a groundbreaking development as, should the law be enacted, it will make Qatar the only country in the Middle East to have nationally-applicable data protection legislation. The draft legislation applies to operators in the private and public sectors and … Continue Reading

U.S. Chamber of Commerce Hosts Event on Challenges to the Free Flow of Electronic Commercial Information

by Katie Keith On June 16, 2011, the United States Chamber of Commerce organized a forum for business leaders addressing challenges to the free flow of electronic commercial information. Panelists included academics, government officials, and policy and privacy directors from Google, AT&T, GE, Citigroup, and IBM. The event was moderated by leaders from the Commerce … Continue Reading

SWIFT Messaging Raises Unique Financial Privacy Issues

The Society for Worldwide Interbank Financial Telecommunication, or SWIFT, provides an organizational platform for facilitating international payments.  U.S. and foreign financial institutions use SWIFT messages to initiate, process, receive, and settle payment orders.  The amount of information exchanged via SWIFT is immense.  More than 9,000 financial institutions in 209 countries rely on SWIFT to process … Continue Reading
LexBlog