China s New Cybersecurity Law: Data Protection, Data Transfer and Breach Investigations in the World s Second Largest Economy
|
|
- Imogen Gray
- 6 years ago
- Views:
Transcription
1 China s New Cybersecurity Law: Data Protection, Data Transfer and Breach Investigations in the World s Second Largest Economy IPSF 2018 February 26,
2 AGENDA China's Cybersecurity Law Enforcement Landscape Takeaways for Companies Operating in China Conclusion 2 2
3 China s Cybersecurity Law Network Security Law of the People s Republic of China ( Cybersecurity Law or CSL ) Announced in 2016 by the Cyber Administration of China ( CAC ) Approved in November 2016 and took effect June 1, 2017 Contains framework regulating network products, equipment, and services, as well the operation and maintenance of information networks, the protection of personal information, and the supervision and administration of cybersecurity in China 3 3
4 Relevant Regulators Law refers to the national cyberspace authority understood to be the Cyberspace Administration of China (CAC) Other relevant regulators mentioned in the law State Council Department for Communications State Council Department for Public Security Other relevant organs (national and regional) Relevant industry organizations (national and regional) 4 4
5 Providers of Network Products and Services Definition Not expressly defined in the CSL Further information given by Measures for the Security Review of Network Products and Services ( Security Review Measures ), published in final form on May 2, 2017 and came into force along with the CSL on June 1, 2017 Requirements All network products and services to comply with national PRC standards Upon discovery of security leaks or defects, must inform users and relevant authorities and adopt remediation measures Must carry out security maintenance for customers Where a network or product has a function to collect user information, must inform user and obtain consent, and comply with laws and regulation on protection of personal information Network products and services that may implicate national security must undergo a security review by the CAC 5 5
6 Network Operators Definition Requirements Defined as owners, operators, and service providers of networks Broad definition that will likely encompass all businesses and organizations that operate a network of computer terminals and/or data storage units in China Likely also applies to entities that have websites, mobile apps, or online platforms operated or used in China Tiered security obligations Creation of an emergency response plan Technical support and assistance to state security bodies Protection of personal information of citizens Cannot disclose personal information without consent of owners In the case of data leakage, must take remedial action and report to authorities Must block, delete, and save relevant records of prohibited information published by users and report to authorities Establish cybersecurity complaint and reporting systems 6 6
7 Critical Information Infrastructure Operators Definition Requirements No clear definition of CII is included in the CSL Article 31 includes a non-exhaustive list of CII that does not include healthcare, and a catch-all provision Sector regulators have made a list, nearly all CIIOs on the list are SOEs Requirements are in addition to those for network operators Annual security assessment of cybersecurity threats When CIIOs purchase network products or services, they must sign a security and confidentiality agreement with the vendor If the network products or services might affect national security, then a national security review is required Must designate bodies responsible for security management and perform background checks on the people in those bodies Must provide cybersecurity and technical training for employees and have drills in preparation for security incidents Must institute a system of backups for important systems 7 7
8 CII: Data Localization Requirement Most significant requirement is data localization requirement CIIOs must keep important data and personal information that they have collected or produced in Mainland China within Mainland China Data cannot be sent out of the country without a legitimate business need and a security review Further details on security assessments to be given in Measures on the Security Assessment for Personal Information and Important Data to be Transmitted Abroad ( Draft Data Transfer Measures ), which has not yet come into effect Appeared to permit "implied consent" of data transfer through certain actions 8 8
9 Penalties for Noncompliance A wide range of penalties are mentioned, including: Warnings Suspension of websites Confiscation of income Fines from RMB 10,000 to 1,000,000 depending on the offense Suspension of business/ cancellation of business license 9 9
10 AGENDA China's Cybersecurity Law Enforcement Landscape Takeaways for Companies Operating in China Conclusion 10 10
11 National-Level vs. Local Enforcement Thus far, national-level enforcement appears to focus primarily on investigations into industry-wide issues and issuance of guidance. The investigations have been undertaken by a number of government bodies. It has also taken the form of meetings with China s largest internet companies regarding possible Cybersecurity Law violations. Local-level enforcement (either by local branches of national bodies or by province/local-level bodies) has looked at companies more specifically and has issued fines and other punishments
12 National-Level Enforcement Internet Products Bike Sharing Data Collection A working group from the CAC, MIIT, MPS, and SAC, reviewed the privacy policies of ten internet products and services As a result, the ten companies signed a joint personal data protection proposal A group of 10 government departments looked into bike sharing apps in China The report called on bike sharing services to install servers in China, implement efficient network security ranking protection, etc. 12 MIIT met with Baidu, Alipay, and Toutiao regarding possible violations of the CSL, including improper collection and handling of personal data Companies promised to change; MIIT has set up a monitoring system 12
13 Local-Level Enforcement: Chongqing Chongqing China Youth Daily Guangdong Network Companies Jiangsu Baidu PSB found that company did not maintain user login network information while providing internet data center services Warning asked the company to rectify its behavior within 15 days; company immediately rectified Four network companies sanctioned for breaching various provisions of the CSL The penalties included a reprimand, a requirement to rectify, a fine, and a requirement to shut down a particular website 13 Lawsuit filed against Baidu for gaining access to user information without their consent on two of its mobile apps Rectification plan was inadequate because it did not remind consumers of the purpose, mode, and scope of authorization in 13 regard to PI
14 Enforcement Against Foreign Companies No enforcement actions for the elements of the traditional cybersecurity elements of the law have yet been seen for foreign companies. However, as discussed previously, network operators are also expected to control illegal content on their networks. This came to the fore in January when the Shanghai Huangpu District Market Supervision Bureau launched an investigation into Marriott for disseminating an online questionnaire that referred to Taiwan, Hong Kong, Macau, and Tibet as separate countries. The Shanghai Cyberspace Authority closed down Marriott s China website, initially for a week
15 Enforcement Against Foreign Companies Along with Marriott, on January 12, 2018, the Shanghai CAC criticized Zara, Qantas, Delta, and Medtronic (among others) for listing Taiwan as a country on their websites. The companies were ordered to remove illegal content from their sites and make public apologies by 6 p.m. on the same day. The companies all did so. The Shanghai CAC posted on its microblog: Cyberspace is not an extralegal place, and multinational corporations should abide by relevant laws and regulations. The listing of Taiwan as a separate country was a possible violation of cybersecurity laws
16 AGENDA China's Cybersecurity Law Enforcement Landscape Takeaways for Companies Operating in China Conclusion 16 16
17 Major Changes May Be Necessary In fall 2016, U.S. submitted a document for debate to the WTO Services Council arguing that the Cybersecurity Law would be in violation of the General Agreement on Trade in Services (GATS). China has not changed its policies, however, and no formal action has been brought to date. Meanwhile, major American companies have been forced to take actions to comply with the law: Cloud services providers have been forced to partner with local providers. Apple opened a data center in Guizhou so that it can store users data onshore
18 Major Areas for Companies to Be Aware Of Companies may need to be prepared to: Get consent from users related to use and crossborder transfer Meet network security requirements Receive oversight from public security bodies and regulators Receive complaints should their websites or electronic communications contain information to which the government objects/considers harmful to national security 18 18
19 AGENDA China's Cybersecurity Law Enforcement Landscape Takeaways for Companies Operating in China Conclusion 19 19
20 Conclusion Questions? 20 20
China s New Cybersecurity Law
China s New Cybersecurity Law March 7, 2017 Presented by: Manuel E. Maisog Hunton & Williams LLP Beijing, China bmaisog@hunton.com Hunton & Williams Global Privacy & Cybersecurity Team Known globally for
More informationDATA PROTECTION LAWS OF THE WORLD. China
DATA PROTECTION LAWS OF THE WORLD China Downloaded: 14 June 2018 CHINA Last modified 29 January 2018 LAW Currently, there is not a comprehensive data protection law in the People's Republic of China ('PRC').
More information环球律师事务所. Ren Qing Partner GLOBAL LAW OFFICE. Beijing, June
An Introduction to the PRC Cyber Security Law 环球律师事务所 GLOBAL LAW OFFICE www.glo.com.cn Ren Qing Partner Beijing, June 2017 Overview: 7 Chapters and 79 Articles. Chapter I General Provisions Cyber Security
More informationTechnology and data privacy Global perspectives
Technology and data privacy Global perspectives Anna Gamvros, Partner, Hong Kong Barbara Li, Partner, Beijing Ryan Berger, Partner, Vancouver 13 September 2018 Agenda Asia privacy developments HK and China
More informationPRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology
PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology 24 October 2017 Content Overview of Cyber Security Law Observations on Implementation of Cyber
More informationChina Cybersecurity Law Interpretation. Aug 2017
China Cybersecurity Law Interpretation Aug 2017 China Cybersecurity Law Overview The " Cybersecurity Law" to be implemented in June 1, 2017 will be an important driving force for China to deepen the practice
More informationCybersecurity Considerations for GDPR
Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union
More informationContributed by Djingov, Gouginski, Kyutchukov & Velichkov
Contributed by Djingov, Gouginski, Kyutchukov & Velichkov General I Data Protection Laws National Legislation General data protection laws The Personal Data Protection Act implemented the Data Protection
More informationProcuring Telecommunications and ICT Solutions in China. Neil Gallagher Director of Sales - Europe 31 st October 2018
Procuring Telecommunications and ICT Solutions in China Neil Gallagher Director of Sales - Europe 31 st October 2018 1 Agenda A short history of Telecommunications in China The role of Ministry of Industry
More informationRegulations for Compulsory Product Certification
Regulations for Compulsory Product Certification Chapter I General Provisions Article 1 Based on relevant laws and regulations covering product safety licensing and product quality certification so as
More informationUSA HEAD OFFICE 1818 N Street, NW Suite 200 Washington, DC 20036
US-China Business Council Comments on The Draft Measures for Security Review of Online Products and Services March 6, 2017 On behalf of the more than 200 members of the US-China Business Council (USCBC),
More informationData Processing Agreement
In accordance with the European Parliament- and Council s Directive (EU) 2016/679 of 27th April 2016 (hereinafter GDPR) on the protection of physical persons in connection with the processing of personal
More informationData Protection in Switzerland Update Following the Safe Harbor Decision. 21 October 2015 / 6 February 2016 Christian Wyss
Data Protection in Switzerland Update Following the Safe Harbor Decision 21 October 2015 / 6 February 2016 Christian Wyss Agenda Data Protection in Switzerland The Safe Harbor Decision How to Restore Compliance?
More informationInside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.
Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. HIPAA GENERAL RULE PHI may not be disclosed without patient authorization
More informationBCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement
BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement BCN TELECOM, INC. ( BCN" or "Company") has established practices and procedures adequate to ensure compliance
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationQUESTIONS AND ANSWERS ON BOA RESOLUTION
QUESTIONS AND ANSWERS ON BOA RESOLUTION 3-2016 Q1. What is the rationale for the issuance of BoA Resolution 3-2016? A1. As discussed in the Resolution, the requirements prescribed are intended to address
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)
COUNCIL OF THE EUROPEAN UNION Brussels, 24 May 2013 Interinstitutional File: 2013/0027 (COD) 9745/13 TELECOM 125 DATAPROTECT 64 CYBER 10 MI 419 CODEC 1130 NOTE from: Presidency to: Delegations No. Cion
More informationImplementing China s Cybersecurity Law
WHITE PAPER August 2017 Implementing China s Cybersecurity Law China s Cybersecurity Law came into effect on June 1, 2017. Three months later, many uncertainties remain as only some of the anticipated
More informationUSER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.
These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection
More informationEU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know
EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know The General Data Protection Regulation (GDPR) The eprivacy Regulation (epr) The Network and Information Security Directive
More informationNational Policy and Guiding Principles
National Policy and Guiding Principles National Policy, Principles, and Organization This section describes the national policy that shapes the National Strategy to Secure Cyberspace and the basic framework
More informationLiechtenstein. General I Data Protection Laws. Contributed by Wanger Advokaturbüro. National Legislation. National Regulatory Authority.
Contributed by Wanger Advokaturbüro General I Data Protection Laws National Legislation General data protection laws The Data Protection Act (the DPA ) dated 14 March 2002 and the relevant Ordinance on
More informationUS-China Business Council Comments on The Draft Cybersecurity Law
US-China Business Council Comments on The Draft Cybersecurity Law On behalf of the more than 200 members of the US-China Business Council (USCBC), we appreciate the opportunity to provide comments to the
More informationData Breach Preparation and Response. April 21, 2017
Data Breach Preparation and Response April 21, 2017 King & Spalding Data, Privacy & Security King & Spalding s 60 plus lawyer Data, Privacy & Security ( DPS ) Practice is best known for: Experienced crisis
More informationCyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology
Cyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology 8 December 2016 The Matrix (1999) 1 / L_LIVE_APAC1:5433168v1 World Internet
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationTerms and Conditions of Mobile Phone Service (Post-Paid) Between Operator and Subscriber
Terms and Conditions of Mobile Phone Service (Post-Paid) Between Operator and Subscriber Section 1 General 1.1 This Terms and Conditions of Mobile Phone Service shall be effective between Advanced Wireless
More informationMOTION FOR A RESOLUTION
European Parliament 2014-2019 Plenary sitting B8-0155/2019 6.3.2019 MOTION FOR A RESOLUTION to wind up the debate on the statements by the Council and the Commission pursuant to Rule 123(2) of the Rules
More informationMANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors
Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative
More informationCyber Security Law --- Are you ready?
Cyber Security Law --- Are you ready? Xun Yang Of Counsel, Commercial IP and Technology 9 May 2017 1 / B_LIVE_APAC1:2207856v1 Content Overview of Cyber Security Law Legislative Development Key Issues in
More informationHIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp
HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements
More informationGeneral Data Protection Regulation (GDPR) The impact of doing business in Asia
SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer
More informationGDPR: A QUICK OVERVIEW
GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance
More informationRegulatory Measures on Organic Product Certification Management
Regulatory Measures on Organic Product Certification Management NO. 155 MANUSCRIPT OF STATE GENERAL ADMINISTRATION OF QUALITY SUPERVISION, INSPECTION AND QUARANTINE Chapter I: General Provisions Article
More informationUpdate on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules
Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Marissa Gordon-Nguyen Office for Civil Rights (OCR) U.S. Department of Health and Human Services June
More informationThe Apple Store, Coombe Lodge, Blagdon BS40 7RG,
1 The General Data Protection Regulation ( GDPR ) is the new legal framework that will come into effect on the 25th of May 2018 in the European Union ( EU ) and will be directly applicable in all EU Member
More informationUnofficial English translation offered by EuropElectro, for reference only
Ref. No. CNCA-00C-007 DETAILED IMPLEMENTATION RULES FOR COMPULSORY PRODUCTS CERTIFICATION Submission, Dissemination and Publication of Information Issued on Jan. 8, 2014 Implemented on Jan. 8, 2014 Published
More informationSERVERS / SERVICES AT DATA CENTER AND CO-LOCATION POLICY
SERVERS / SERVICES AT DATA CENTER AND CO-LOCATION POLICY National Video Conferencing Network Version 1.0 Released January 01, 2014 HIGHER EDUCATION COMMISSION, PAKISTAN 1 GENERAL The Higher Education Commission
More informationLegal framework of ensuring of cyber security in the Republic of Azerbaijan
Legal framework of ensuring of cyber security in the Republic of Azerbaijan Bakhtiyar N.Mammadov Ministry of Communications and Information Technologies Head of Legal and HR Department ITU WSIS Thematic
More informationLegal, Ethical, and Professional Issues in Information Security
Legal, Ethical, and Professional Issues in Information Security Downloaded from http://www.utc.edu/center-information-securityassurance/course-listing/cpsc3600.php Minor Changes from Dr. Enis KARAARSLAN
More informationExploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know
Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know Aristotelis Tzafalias Programme Officer, Trust and Security DG Communications Networks,
More informationEU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?
EU GDPR and Email The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of the personal data of European Union (EU) citizens across all EU markets. It replaces existing
More informationGovernment Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security
Government Resolution No. 2443 of February 15, 2015 33 rd Government of Israel Benjamin Netanyahu Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security It is hereby resolved:
More informationDFARS Cyber Rule Considerations For Contractors In 2018
Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com DFARS Cyber Rule Considerations For Contractors
More informationHong Kong s Personal Data (Privacy) Ordinance
Asia Privacy Bridge Forum 11 May 2016 Hong Kong s Personal Data (Privacy) Ordinance Fanny Wong Deputy Privacy Commissioner for Personal Data Hong Kong, China The Personal Data Landscape in Asia 2011 2003
More informationPlan a Pragmatic Approach to the new EU Data Privacy Regulation
AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General
More informationDATA PROTECTION LAWS OF THE WORLD. Bahrain
DATA PROTECTION LAWS OF THE WORLD Bahrain Downloaded: 7 April 2018 BAHRAIN Last modified 25 January 2017 LAW There is currently no standalone data protection law in Bahrain. A draft is being reviewed before
More informationFDA & Medical Device Cybersecurity
FDA & Medical Device Cybersecurity Closing Keynote, February 19, 2017 Suzanne B. Schwartz, M.D., MBA Associate Director for Science & Strategic Partnerships Center for Devices and Radiological Health US
More informationRegulating Cyber: the UK s plans for the NIS Directive
Regulating Cyber: the UK s plans for the NIS Directive September 2017 If you are a digital service provider or operate an essential service then new security and breach notification obligations may soon
More informationGuidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17
GUIDELINES ON SECURITY MEASURES FOR OPERATIONAL AND SECURITY RISKS UNDER EBA/GL/2017/17 12/01/2018 Guidelines on the security measures for operational and security risks of payment services under Directive
More informationAon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary
Aon Client Data Privacy Summary Table of Contents Our Commitment to Data Privacy 3 Our Data Privacy Principles 4 Aon Client Data Privacy Summary 2 Our Commitment to Data Privacy Data Privacy Backdrop As
More informationINFORMATION SECURITY PRINCIPLES OF THE UNIVERSITY OF JYVÄSKYLÄ
INFORMATION SECURITY PRINCIPLES OF THE UNIVERSITY OF JYVÄSKYLÄ JYVÄSKYLÄN YLIOPISTO Introduction With the principles described in this document, the management of the University of Jyväskylä further specifies
More informationWhat is cloud computing? The enterprise is liable as data controller. Various forms of cloud computing. Data controller
A guide to CLOUD COMPUTING 2014 Cloud computing Businesses that make use of cloud computing are legally liable, and must ensure that personal data is processed in accordance with the relevant legislation
More informationBradford J. Willke. 19 September 2007
A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure
More informationTHE CYBER SECURITY ENVIRONMENT IN LITHUANIA
Executive summary of the public audit report THE CYBER SECURITY ENVIRONMENT IN LITHUANIA 9 December 2015, No. VA-P-90-4-16 Full audit report in Lithuanian is available on the website of the National Audit
More informationThe Integrity of Personal Data: Some Topical Issues & Implications of PDPO for Business
Democratic Alliance for the Betterment and Progress of Hong Kong 21.04.2018 The Integrity of Personal Data: Some Topical Issues & Implications of PDPO for Business Stephen Kai-yi Wong, Barrister Privacy
More informationTalenom Plc. Description of Data Protection and Descriptions of Registers
Talenom Plc. Description of Data Protection and Descriptions of Registers TALENOM DESCRIPTION OF DATA PROTECTION Last updated 14 March 2018 Scope Limitations Data protection principles Personal data Registers
More informationDeveloping Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?
Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite? Minnesota RIMS 39 th Annual Seminar Risk 2011-2012: Can You Hack
More informationHow icims Supports. Your Readiness for the European Union General Data Protection Regulation
How icims Supports Your Readiness for the European Union General Data Protection Regulation The GDPR is the EU s next generation of data protection law. Aiming to strengthen the security and protection
More information01.0 Policy Responsibilities and Oversight
Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities
More informationAcceptable Use Policy (AUP)
Acceptable Use Policy (AUP) Questions regarding this policy and complaints of violations of this policy by PLAINS INTERNET users can be directed to support@plainsinternet.com. Introduction Plains Internet
More informationCERTIFIED MAIL LABELS TERMS OF USE and PRIVACY POLICY Agreement
CERTIFIED MAIL LABELS TERMS OF USE and PRIVACY POLICY Agreement Welcome to Certified Mail Envelopes and Certified Mail Labels web sites (the Site ) a website, trademark and business name owned and operated
More informationJOINT MOTION FOR A RESOLUTION
European Parliament 2014-2019 Plenary sitting B8-0154/2019 } B8-0155/2019 } B8-0159/2019 } B8-0160/2019 } RC1 8.3.2019 JOINT MOTION FOR A RESOLUTION pursuant to Rule 123(2) and (4) of the Rules of Procedure
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationData Protection System of Georgia. Nina Sarishvili Head of International Relations Department
Data Protection System of Georgia Nina Sarishvili Head of International Relations Department 14/12/2016 Legal Framework INTERNATIONAL INSTRUMENTS CoE 108 Convention AP on Supervisory Authorities and Trans-
More informationCloud Expo Asia, Hong Kong 2018 Hong Kong Convention and Exhibition Centre
Cloud Expo Asia, Hong Kong 2018 Hong Kong Convention and Exhibition Centre 16.05.2018 Cybersecurity Law, GDPR and Data Ethics Stephen Kai-yi Wong, Barrister Privacy Commissioner for Personal Data, Hong
More informationMastering Data Privacy, Social Media, & Cyber Law
Mastering Data Privacy, Social Media, & Cyber Law Data Breach Notification and Cybersecurity Developments Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy Professional/US 1 State
More informationPRC Enacts Cyber Security Law
Technology, Media & Communications PRC Enacts Cyber Security Law Introduction The state of data and cyber regulations in the People s Republic of China ( PRC ) has been the subject of much attention, particularly
More informationMYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414
MYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414 The Cybersecurity Act of 2012, S. 3414, has not been the subject of a legislative hearing and has skipped regular order. HSGAC has not marked
More informationGeneral Data Protection Regulation (GDPR)
BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017
More informationDevelopments in Global Data Protection & Transfer: How They Impact Third-Party Contracts
Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts Rebecca Eisner Partner +1 312 701 8577 reisner@mayerbrown.com Mark Prinsley Partner +44 20 3130 3900] mprinsley@mayerbrown.com
More informationReview of the Canadian Anti-Spam Legislation
Review of the Canadian Anti-Spam Legislation Rogers Communications Brief October 17, 2017 1 Rogers Communications Deborah Evans 350 Bloor Street East Toronto, Ontario M4W 0A1 RCI.Regulatory@rci.rogers.com
More informationUpdate on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules
Update on Administration and Enforcement of the HIPAA Privacy, Security, and Breach Notification Rules Wandah Hardy, RN BSN, MPA Equal Opportunity Specialist/Investigator Office for Civil Rights (OCR)
More informationIntegrating HIPAA into Your Managed Care Compliance Program
Integrating HIPAA into Your Managed Care Compliance Program The First National HIPAA Summit October 16, 2000 Mark E. Lutes, Esq. Epstein Becker & Green, P.C. 1227 25th Street, N.W., Suite 700 Washington,
More informationDr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt
Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA The African Internet Governance Forum - AfIGF2017 5 Dec 2017, Egypt Agenda Why? Threats Traditional security? What to secure?
More informationData Protection Policy
Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...
More informationHow Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda Rise in Data Breaches Effects of Increase in Cybersecurity Threats Cybersecurity Framework
More informationGDPR - Are you ready?
GDPR - Are you ready? Anne-Marie Bohan and Michael Finn 24 March 2018 Matheson Ranked Ireland s Most Innovative Law Firm Financial Times 2017 International Firm in the Americas International Tax Review
More informationEU Data Protection Agreement
EU Data Protection Agreement This Data Protection Agreement ("Agreement") is entered into by and between TechTarget, Inc., a Delaware corporation with a principle place of business at 275 Grove Street,
More informationSecurity of Critical Information Infrastructure: Legal Issues
Security of Critical Information Infrastructure: Legal Issues Edward Bekeschenko, Partner INFOC Committee Meeting 26 May 2017 Agenda 1 Trends in Russia 3 2 International Practices 8 1 Trends in Russia
More informationHow WhereScape Data Automation Ensures You Are GDPR Compliant
How WhereScape Data Automation Ensures You Are GDPR Compliant This white paper summarizes how WhereScape automation software can help your organization deliver key requirements of the General Data Protection
More informationNYDFS Cybersecurity Regulations: What do they mean? What is their impact?
June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing
More informationA Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions
May 2018 TMT INSIGHTS From the Debevoise Technology, Media & Telecommunications Practice A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions Companies in the technology, media
More informationAgenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute
Health Law Institute Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More Brooke Bennett Aziere October 18, 2017 Agenda Enforcement Trends Phase 2 HIPAA Audits Upcoming Initiatives 1 Enforcement
More informationAdvising the C-Suite and Boards of Directors on Cybersecurity. February 11, 2015
Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda Introductions / Administrative Cybersecurity risk legal landscape Cyber threats Legal risks in the aftermath of a
More informationIt applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).
Our Privacy Policy 1 Purpose Mission Australia is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations
More informationTHE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER
THE WHITE HOUSE Office of the Press Secretary FOR IMMEDIATE RELEASE May 11, 2017 EXECUTIVE ORDER - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationCyber Security Strategy
Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from
More informationSecurity Information & Policies
Security Information & Policies 01 Table of Contents OVERVIEW CHAPTER 1 : CHAPTER 2: CHAPTER 3: CHAPTER 4: CHAPTER 5: CHAPTER 6: CHAPTER 7: CHAPTER 8: CHAPTER 9: CHAPTER 10: CHAPTER 11: CHAPTER 12: CHAPTER
More informationPRIVACY POLICY OF.LT DOMAIN
PRIVACY POLICY OF.LT DOMAIN Status Up-to-date version Date 2018-05-25 CHAPTER I GENERAL PROVISIONS 1. Privacy policy of.lt domain (hereinafter Privacy Policy) stipulates conditions of processing, legal
More informationPresidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure EXECUTIVE ORDER [13800] - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS
More informationData Privacy & Protection
Data Privacy & Protection March 10, 2016 Data Breach Notification and Cybersecurity Developments in 2016 Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy Professional/US This
More informationSeven Requirements for Successfully Implementing Information Security Policies and Standards
Seven Requirements for Successfully Implementing and Standards A guide for executives Stan Stahl, Ph.D., President, Citadel Information Group Kimberly A. Pease, CISSP, Vice President, Citadel Information
More informationInternational Conference on Automation, Mechanical Control and Computational Engineering (AMCCE 2015)
International Conference on Automation, Mechanical Control and Computational Engineering (AMCCE 2015) Risk Management Theory Application in national information security risk control Analysis of the relationship
More informationViews on the Framework for Improving Critical Infrastructure Cybersecurity
This document is scheduled to be published in the Federal Register on 12/11/2015 and available online at http://federalregister.gov/a/2015-31217, and on FDsys.gov Billing Code: 3510-13 DEPARTMENT OF COMMERCE
More informationHow to Prepare a Response to Cyber Attack for a Multinational Company.
You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,
More informationOutsourcing und Data Protection
Outsourcing und Data Protection Clara-Ann Gordon IAPP Workshop on Outsourcing, 9 May 2017 Subject Matter Outsourcing: depending on area different meaning and requirements However always personal data are
More informationEnterprise Income Verification (EIV) System User Access Authorization Form
Enterprise Income Verification (EIV) System User Access Authorization Form Date of Request: (Please Print or Type) PART I. ACCESS AUTHORIZATION * All required information must be provided in order to be
More information