Cybersecurity and Data Protection in Europe: Latest Need-to-Know

“The European Network and Information Security Agency’s recent report on the cyber threat landscape highlights the vulnerability of network information system technologies, such as cloud computing and associated big data sets, where the concentration of vast amounts of data in few logical locations makes it an attractive target for cyber threat agents.”

Do business in Europe? You should know:

1. Proposed new Cybersecurity Directive:

“On 7 February, the European Commission (EC) published an EU Cyber Security Strategy encompassing a proposed Directive on Network and Information Security (NIS Directive). The aim of the Strategy and NIS Directive is to establish a secure and trustworthy digital environment while promoting and protecting fundamental rights, including data protection, democracy and the rule of law… The Commission Strategy in the NIS Directive … strives to facilitate uniform implementation across the EU whereby each Member State adopts a national network and information security strategy. The NIS Directive still allows a degree of flexibility for Member States to implement it in their national legislation proportionate to the actual risks at a national level, while still achieving the desired adequacy level.” (Reed Smith)

2. Report on 2012’s proposed EU Data Protection Regulation:

“The report, which includes the European Parliament’s proposal for a revised draft of the Regulation, runs to an astounding 215 pages… Many of the changes proposed by the Parliament substantially increase the burden on businesses by tightening up existing bases for using personal data. The treatment of user consent is particularly alarming… On the other hand, some revisions proposed by the Parliament provide useful clarification and even in some cases cut back the burden that the Commission’s draft would impose on businesses.” (Mintz Levin)

3. UK fines Sony $400K for data breach:

“[T]he UK Data Protection Watchdog—the UK Information Commissioner’s Office (ICO)—fined Sony Computer Entertainment Europe Limited £250,000 (about $400,000) for its alleged failure to implement appropriate security measures and prevent a security incident that occurred in April 2011. The incident arose from the hacking of Sony’s PlayStation Network gaming platform… According to the ICO’s news release on Sony, the security incident compromised the ‘personal information of millions of customers, including their names, addresses, email addresses, dates of birth and account passwords. Customers’ payment card details were also at risk.’” (Wilson Sonsini)
