Cyber Security Law --- Are you ready?

Transcription:

Cyber Security Law --- Are you ready?
Xun Yang, Of Counsel, Commercial IP and Technology
9 May 2017

1 / B_LIVE_APAC1:2207856v1

Content
- Overview of Cyber Security Law
- Legislative Development
- Key Issues in Cyber Security Protection
- Practical Suggestions in Protecting Cyber Security

Overview of Cyber Security Law

Overview of Cyber Security Law: Historical Review

Overview of Cyber Security Law: Content (1)
[Diagram labels: National Security Law; Industry-specific rules; Piecemeal Data Protection Rules; Cyber Security Law Practice]

Overview of Cyber Security Law: Content (2)
- Development of cyber security technology
- Security duties of network operators
- Extra duties of operators of critical information infrastructure
- Personal data protection
- Obligations to cooperate with government against cyber crimes

Overview of Cyber Security Law: Regulatory bodies
- MPS
- CAC
- MIIT
- Industry Regulators

Overview of Cyber Security Law: Trend
- To bring cyber security and personal information protection onto a state interest level
- To enact new laws and administrative rules to implement the Cyber Security Law
- To carry out security inspection from time to time

Legislative Development

Legislative Development: New legislation since the promulgation of the Cyber Security Law

Legislative Development: Key Messages
- Encouragement of industrial informationalisation
- Systematical enforcement of cyber security rules
- Strengthened protection of personal information
- Linkage of data protection with national interest

Legislative Development: Encouragement of industrial informationalisation
[Diagram labels: Security products; Equipment; Service; Technology; Data business; Big data; Cloud business]

Legislative Development: Systematical enforcement of cyber security rules
- Include cyber security into existing laws
- Upgrade of legislative levels
- Consolidation and clarification of existing rules
[Diagram labels: Encryption; Personal Terminal; Company server; Offshore server; Access Network; Internet; Network access permission; Network infrastructure]

Legislative Development: Strengthened protection of personal information
- Scope of coverage: Specific coverage to comprehensive coverage
- Detailed rules: Definition; Standard; Process; Methodology
- Remedies: Administrative; Civil; Criminal

Legislative Development: Linkage of data protection with national interest
[Diagram labels: Personal data; Business data; National interest / sovereignty; State secret; Business continuity]

Key Issues in Cyber Security Protection

Key Issues in Cyber Security Protection: Do we need to retain data in China?
[Diagram labels: State secret?; Administrative restrictions?; Threshold; Security measures; National interest; National sovereignty; Population and healthcare; Financial data; Achieve CII Industry; Possibility of being misused; Volume; Self-censorship; Government screening]

Key Issues in Cyber Security Protection: Is depersonalization a way to bypass data protection restrictions?
- Anonymization vs. pseudonymisation

Key Issues in Cyber Security Protection: Can we outsource data processing?
[Diagram labels: Business reasons; Data risks; Purpose of outsourcing; Legal restrictions; Prohibited; Restricted; Technical; Financial; Legal; Vendor due diligence; Conditions; Informed consent; Technical restrictions]

Key Issues in Cyber Security Protection: Are we required to procure only domestic network products / services?
[Diagram labels: Licensing Requirements; Security Considerations; Telecoms services; Network access device; Encryption; Security levels; Supply chain risks; Back door risks; Excessive Reliability]

Practical suggestions in protecting cyber security

Practical suggestions in protecting cyber security: Hints
- IT risk governance and management plan
- Management of business process from an information governance aspect
- Privacy policy and informed consent
- Managing external service providers
- Incident management
- Cyber security as an ongoing process

Practical suggestions in protecting cyber security: IT risk governance and management plan (1)
[Diagram labels: External service provider; Directors and senior management; IT; Business; Legal; HR]

Practical suggestions in protecting cyber security: IT risk management plan (2)
- Understand the business process: Data classification; Information flow; Human inference
- Risk identification: Technical risks; Behavioural risks
- Risk mitigating measures: Proactive measures; Remedial measures
- Policy implementation: Consultation and publication; Policy management; Training
- Policy Documentation: To be consistent with global policy; Translation
- Policy Review: To address business concerns; To meet statutory requirements

Practical suggestions in protecting cyber security: Management of business process from an information governance aspect
[Diagram labels: Informed consent, consistence with purpose?; Need to know?; Business usage; Information collection / acquisition; Information processing; Outsourcing; Data storage; Management of service levels / IP rights; Data disposal; IT Infrastructure; IT risk management; Storage requirement]

Practical suggestions in protecting cyber security: Privacy policy and informed consent
- Content to be informed
- Necessity for current and future use
- Clarity and flexibility
- Manner of description and display
- Scope; Manner
- Technology communication channels
- Do we need to cover all possible future use?
- Depersonalization including but not limited to all other legitimate purpose
- Accuracy vs. plain language
- Manner of display and consent

Practical suggestions in protecting cyber security: Managing external service providers
When?
- IT outsourcing: call centres, data processors, IDC, cloud, developers
- Business vendors: distributors, subcontractors
How?
- Due diligence
- Contract
- Auditing
What?
- Legal restrictions
- SLs: responding vs. resolution
- Warranties and liabilities
- Intellectual properties
- Interim measures

Practical suggestions in protecting cyber security: Incident management
- Incident appraisal
- Communication management
- Adoption of remedial measures
- Allocation of resulting liabilities
- Team formation

Practical suggestions in protecting cyber security: Cyber security as an ongoing matter
- Development of the law
- Change of industrial practice
- Evolution of new business processes

Q&A

Xun Yang, Of Counsel, Shanghai
T: +86 86 21 6249 0700
M: +86 186 21001091
E: xun.yang@simmons-simmons.com

Xun advises on commercial, regulatory and intellectual property matters with a particular focus on life science, financial services and telecoms sectors. He has significant experience in advising on technology transactions, IT services, outsourcing, IP protections, data privacy, and investment in sensitive sectors.


simmons-simmons.com elexica.com

This document is for general guidance only. It does not contain definitive advice. SIMMONS & SIMMONS and S&S are registered trade marks of Simmons & Simmons LLP. Simmons & Simmons is an international legal practice carried on by Simmons & Simmons LLP and its affiliated practices. Accordingly, references to Simmons & Simmons mean Simmons & Simmons LLP and the other partnerships and other entities or practices authorised to use the name Simmons & Simmons or one or more of those practices as the context requires. The word partner refers to a member of Simmons & Simmons LLP or an employee or consultant with equivalent standing and qualifications or to an individual with equivalent status in one of Simmons & Simmons LLP's affiliated practices. For further information on the international entities and practices, refer to simmonssimmons.com/legalresp. Simmons & Simmons LLP is a limited liability partnership registered in England & Wales with number OC352713 and with its registered office at CityPoint, One Ropemaker Street, London EC2Y 9SS. It is authorised and regulated by the Solicitors Regulation Authority. A list of members and other partners together with their professional qualifications is available for inspection at the above address.