Government Regulation, Legislation & Enforcement – Page 17

EU and U.S. Agree in Principle on New Trans-Atlantic Data-Transfer Agreement

Oct 28 2015

On 26 October 2015, European Commissioner Vera Jourová, announced that the European Union had agreed in principle with the US on a new trans-Atlantic data-transfer agreement. Commissioner Jourová made the announcement in a speech, before the Committee on Civil Liberties, Justice and Home Affairs, which addressed the recent judgment of the European Court of Justice that invalidated the safe harbour scheme between the two countries (Schemes decision). Commissioner Jourvá said, “there is agreement…in principle, but we are still discussing how to ensure that these commitments are binding enough to fully meet the requirements of the Court.” She also added that she expected both sides to make progress on the remaining technical points of discussion by mid-November, when she is scheduled to visit the US. The European Commission is also planning on issuing an explanatory Communication on the consequences of the Schemes decision so that businesses and industry have ‘clear explanations and a uniform interpretation of the ruling.’ The European Commission are also working towards a pending deadline set by European data protection authorities who have said that if, by the end of January 2016, no appropriate solution is found with the U.S. authorities, they will take all necessary and appropriate steps (including enforcement action) to enable data transfers to the U.S. that respect fundamental rights.

The European Commission’s press release can be found here.

Cybersecurity Risk Management – Financial Services Entities Required to Act

Oct 20 2015

By Jim Bulling

It seems clear following the release in March this year of ASIC Report 429 Cyber Resilience, that all Australian Financial Services Licensees and superannuation funds are currently required to include in their risk management framework measures aimed at addressing the risks posed by cybersecurity breaches.

In addressing the risks ASIC recommends that the U.S. National Institute for Standards and Technology (NIST) framework is a relevant risk management tool. The NIST standards set out the key objectives of an appropriate risk framework:

identify the critical assets and governance processes
protect critical assets
detect breaches and incidents
responses to breaches and incidents
recovery and reinstatement of systems.

You can download a copy of the framework here

These objectives will need to be merged into the existing financial services policy frameworks which financial services entities already have in place.

New Data Retention Laws Implementation Deadline

Oct 12 2015

By Cameron Abbott and Melanie Long

From 13 October 2015, telecommunications service providers that use communications infrastructure in Australia to provide any of their services may be required to retain and secure certain data for two years. The new obligations under the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Cth) apply to licensed carriers, carriage service providers and internet service providers. However, some services are specifically excluded including, for example, broadcasting services. The data retention obligations will apply regardless of the size of the company and/or its customer base.

Broadly, the type of data that must be retained includes:

the source and destination of a communication
the date, time and duration of a communication
communication type
location of communications equipment.

ASIC Releases Updated Guidance on Electronic Disclosure

Jul 28 2015

by Jim Bulling and Julia Baldi

ASIC has released updated guidance on electronic disclosure. RG 221:Facilitating online financial services disclosures. It outlines ASIC’s expectations for financial services providers that use (or plan to use) technology, including email and the internet, to deliver financial product and financial services disclosures to clients.

See RG 221 here.

Cyber Resilience for Financial Services Entities

May 20 2015

by Jim Bulling and Julia Baldi

ASIC Report 429
In March this year, the Australian Securities and Investments Commission (ASIC), issued Report 429 Cyber resilience: Health check (REP 429). The report aims to highlight the importance of cyber resilience for entities regulated by ASIC, including Australian Financial Services Licence holders, Australian Credit Licence holders and listed entities. The Report indicates that ASIC is keen to ensure that Australia keeps pace with developments in Europe and the United States in combatting cybersecurity risks.

Click here to read the full article.

Government Regulation, Legislation and Enforcement Updates

Apr 20 2015

by Jim Bulling and Julia Baldi

Australian Federal Government Cybersecurity Review
The Australian Federal Government holds a Cybersecurity Review.

See the Australian Government’s summary of the review here.

SEC Guidance Update
The SEC’s Investment Management Team published a Guidance Update which outlines measures managed funds and investment advisers may wish to consider in addressing cybersecurity risk. The guidance includes practical tips applicable to Australian entities.

See the Guidance Update here.

Government Regulation, Legislation and Enforcement Updates

Feb 01 2015

by Jim Bulling and Julia Baldi

China Introduces new Cybersecurity Laws
China introduced new cybersecurity laws, which require both local and foreign banks and financial institutions with Chinese clients (including Australian financial institutions) to use IT equipment deemed “secure and controllable” by Beijing. The breadth of the laws has upset foreign financial institutions given the potential cost of compliance if foreign entities must implement IT equipment systems in accordance with Chinese directives.

See the Financial Times report here.

Catagory:Government Regulation, Legislation & Enforcement