Error: Can't connect Warning: mysqli_query() expects parameter 1 to be mysqli, null given in /home/customer/www/hsfnotes.com/public_html/wp-content/themes/hsfnotes/template-parts/tpl_filters.php on line 186
Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, null given in /home/customer/www/hsfnotes.com/public_html/wp-content/themes/hsfnotes/template-parts/tpl_filters.php on line 187
On March 15, 2022, US President Joe Biden signed the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA or the Act) into law. Under its provisions, a broad range of private and public-sector entities operating in “critical infrastructure” sectors will for the first time have mandatory reporting obligations in connection with “cyber incidents” and ransomware attacks. Specifically, “covered entities” are required to report certain “substantial” cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of the event, and to report ransomware payments within 24 hours of payment. Read more
Following the HKMA’s 21 April 2021 circular highlighting the additional guidance issued by the BCBS on 31 March 2021, namely the Principles for Operational Resilience and the Revised Principles for Sound Management of Operational Risk, the HKMA launched a consultation on 22 December 2021 on a new proposed Supervisory Policy Manual module OR-2 (Operational Resilience) and proposed amendments to existing SPM modules TM-G-2 (Business Continuity Planning) and OR-1 (Operational Risk Management) in order to align with the BCBS’s operational resilience guidance. Read more
This e-bulletin summarises the latest developments in cybersecurity and data protection in China. We focus on four areas: regulatory, enforcement, industry and international developments. Our Highlights Whilst the MIIT continues to crack down on mobile applications that infringes individuals’ interests in personal information, four ministries jointly issued the regulations setting out the scope of personal … Read more
This e-bulletin summarises the latest developments in cybersecurity and data protection in China. We focus on four areas: regulatory, enforcement, industry and international developments. Our Highlights The financial regulators have continued to increase their efforts to develop and protect financial data. The People’s Bank of China released new standards on enhancing the data capability of … Read more
2020 has been an active year for developments in China’s cybersecurity and data protection regimes. In this e-bulletin we highlight the major regulatory and enforcement developments during the year in three key areas: Security protection, where continuous regulatory efforts have been made to supplement technical standards in order to progress the establishment of the multi-level … Read more
In this bulletin we summarise recent updates relating to cybersecurity and data protection in China to keep you updated on developments. We focus on four areas: regulatory developments, enforcement developments, industry developments and international developments. For further detail, please see our update here. Read more
Today the UK government introduced the Telecommunications (Security) Bill (the “Bill”) to Parliament, to more heavily regulate the UK telecoms sector and improve cyber security risk management, policy and enforcement. With significant sanctions for non-compliance, this “ground breaking” Bill is expected to provide the UK with “one of the toughest telecoms security regimes in the … Read more
Summary The ICO has fined Marriott Inc (“Marriott”) £18.4 million in relation to a 2014 cyber-attack on Starwood Hotels. The ICO had previously issued a notice of its intention to fine Marriott £99.2 million. The Penalty Notice does not explain the reasons why the final fine is considerably lower than this amount. Following the ICO’s … Read more
The ICO has fined British Airways £20 million for breach of the GDPR in relation to its 2018 data breach. This is a significant reduction in the original proposed fine of £183 million. In the monetary penalty notice issued to British Airways, the ICO has confirmed that the reduction of almost 90% was only … Read more
