On 14 May 2015, the Private Security (Licensing and Standards) (Private Investigator) Regulations 2015 (S.I. No 195 of 2015) were signed into law. The Regulations mark the outcome of a Private Security Authority (PSA) public consultation conducted last January following high profile prosecutions for breaches of data protection law in the
On 1 August 2014, the International Standards Organisation (ISO) and the International Electrotechnical Commission (IEC) published the first privacy-specific international standard for the cloud: ISO/IEC 27018 "Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors". Early adopters Microsoft announced on 16 February 2015 that it was the first company to receive certification for the standard.Continue Reading First international privacy-specific cloud standard adopted by Microsoft
On 3 February 2015, the Securities and Exchange Commission (the "SEC") and the Financial Industry Regulatory Authority ("FINRA") both issued cybersecurity reports to the US securities industry. The SEC is the US Federal Government’s securities regulatory agency, while FINRA is a private company that acts as a self-regulatory organisation for US securities firms. The publications highlight the increased US regulatory focus in this area.
The Risk Alert summarises the SEC’s findings following its examination of 57 broker-dealers’ and 49 investment advisers’ controls regarding cybersecurity preparedness. Notable statistics from the firms examined include:
– 88% of broker-dealers and 74% of investment advisers have experienced cyberattacks either directly or through one of their vendors. The majority of the cyberattacks involved the use of malware and fraudulent emails but no single loss exceeded $75,000;
– 93% of broker-dealers and 83% of investment advisers have written information security policies in place, of those, 89% of broker-dealers and 57% of investment advisers periodically audit policy compliance;
– 58% of broker-dealers and 21% of investment advisers maintain cybersecurity insurance, however, only one broker-dealer and one investment adviser reported that they had filed claims; and
– Only 15% of broker-dealers and 9% of investment advisers offer security guarantees to protect their clients against cyber related loss.Continue Reading Two US regulatory bodies simultaneously publish cybersecurity reports