UK Government Plans New Cybersecurity Law
21 April 2021
Against a background of booming sales of smart devices and consumers increasingly relying on connected products at work and at home during the Covid-19 pandemic, the UK Government has decided that the pace of cybersecurity improvement needs to be accelerated.
The Department of Culture, Media and Sport (DCMS) has announced that as soon as parliamentary time allows it will introduce a new law to protect people from cyber attacks caused by vulnerabilities in 'Internet of Things' (IoT) smart devices such as phones, speakers, doorbells, watches, toys, TVs, cameras, and yes - smart fridges too.
Under the new legislation it is proposed that:
- easy-to-guess default passwords will be banned
- companies will have to make it easier for people to report software bugs that could be exploited by hackers
- manufacturers will need to tell customers buying devices how long their purchase will receicve guaranteed security updates
- devices will have to meet new (stricter) standards
It is understood that the new law will have teeth. An as yet unnamed enforcement body will be given powers to investigate allegations of non-compliance and take steps to ensure compliance. It will have powers to issue corrective measures, sanctions and in the most serious cases instigate criminal proceedings.
No timetable for the introduction of the new law has yet been announced.
Copyright © Exigia Ltd., All rights reserved
UK On Track to EU Adequacy
19 April 2021
Having left the EU, the UK has become been a 'third country', in particular in relation to data protection. A temporary arrangement that expires on 30th June has meant that to date little has changed and transfers of personal data have been flowing largely as before. For more permanent stability however, the UK needs to be regarded as 'adequate' by its near neighbours.
Adequacy came a step closer on 13th April when the EU Data Protection Board (EDPB) announced that it would be recommending approval of the UK's status in regard to both transfers of personal data (under the EU GDPR) and transfers of personal data under the Law Enforcement Directive (LED).
The EDPB also recommended that the UK's data protection regime be kept under scrutiny in relation to access by UK public authorities to EU personal data for national security purposes and as EU data protection legislation develops.
Under the complicated EU process, EU Member States will also shortly assess UK adequacy before the final decision can be adopted by the European Commission.
Copyright © Exigia Ltd., All rights reserved
Privacy Day 2021
28 Jan 2021
The 28th January each year is 'officially' known as Data Privacy Day or Data Protection Day in Europe where it originated.
Not an opportunity that greetings card manufacturers have latched onto (yet), but nevertheless a good opportunity to take stock of the importance of privacy in our lives.
If you want to know the background, here are the details from the Council of Europe.
Co-incidentally, we were struck the other day by the attitude that organisations sometimes adopt to the issue.
Have a look at this popup taken from a well known media website. It's wonderful that the publishers are trying to explain their policies in such a prominent way, but the flippancy and level of dismissiveness shown in the bottom paragraph are astonishing.
Maybe they aren't a very serious publication and at least they don't say they were 'taking our privacy and data protection seriously'. We are sadly left reminding ourselves that the British press doesn't have an enviable record on this subject.
Copyright © Exigia Ltd., All rights reserved