You are here
Home > News > Cyberlaw

Australian encryption Bill raises bar for outrageous legislation: Comms Alliance

I always appreciate the robust language used in Australia. The problem with drafting legislation about technical issues using language to be interpreted by the courts is that a judge and I may have very different interpretations of what a 'systemic weakness' is...: [...] A little over a week since the window closed for public submissions on the government's draft Assistance and Access Bill, Minister for Home Affairs Peter Dutton on Thursday introduced the Bill into the House

Lawmakers pressure Google to share how YouTube collects, uses kids’ data

I have some sympathy with the content providers here. If an 8 year old pretends to be over 13 to gain access to YouTube, then that's a parenting issue...: [...] Rep. David Cicilline, a Democrat from Rhode Island, and Jeff Fortenberry, a Republican from Nebraska, said in their letter that YouTube's data collection practices "may not be in compliance with the Children's Online Privacy Protection Act of 1998," or COPPA, a federal law regulating user data collection from site

ENISA launches Cybersecurity Strategies Evaluation Tool

Useful to know of this tool for several reasons. First, some of the burden of implementing a security strategy will be pushed onto enterprises; second, it's a useful checklist to see if your government is doing the right things. I'm sure you can find other uses...:   [...] For each strategic objective, the tool offers recommendations and ideas on how to improve. ENISA developed the tool with the aim to provide results in a quick, easy and user-friendly manner....

New Spanish Regulation on Cybersecurity

The Spanish regulator has a history of levying the maximum fine possible as it sees itself as a recoverable cost centre. If you're responsible for critical infrastructure that operates in Span, be warned...: Last September 8, 2018 the Royal Decree-law 12/2018, on security of networks and information systems, which transposes Directive (EU) 2016/1148 of 6 July 2016 concerning the measures for a high common level of security of network and information systems across the Union

Waiver of privilege over cybersecurity report 1

This is an interesting ruling. If you suffer an attack, then have a security company come and clean up and report back, that company's findings may not be protected by privilege if an action is brought against you...: In 2016, Casino Rama suffered a cyberattack. The customers and employees allegedly harmed by the cyberattack initiated a class action against Casino Rama and brought a certification application. The Ontario Class Proceedings Act requires that each party to a mo

UK mass surveillance violates right to privacy, rules European court

Note that this is mostly about a failure of governance rather than ruling mass surveillance as illegal...: In a landmark decision on Thursday, the European Court of Human Rights (ECHR) ruled that parts of the United Kingdom's mass surveillance program violate the targets' right to privacy. Human rights groups, civil liberties organizations, privacy advocates and journalists brought the case to Europe's top rights court. The groups launched their legal challenge after US w

Coordination & sharing: China on fast track for integration into global internet security governance

He's right, it takes a 'village' to bring up a wayward child like the internet... [...] Qi Xiangdong, co-chairman of ISC and Internet security expert, pointed out that the cybersecurity incidents of the past few years have shown that the protection system of the enterprise, the isolation network, and even the protection system of the strongest security department all "failed", adding that it is not outdated technologies which are to blame. He said that the huge changes in th