In a previous article, we discussed what the NIS Directive is. The European Union developed the Directive in response to the emerging cyber threats to critical infrastructure and the impact cyber-attacks have on society and the European digital market. The NIS Directive sets three primary objectives: The “actors of particular importance” are the operators providing essential services (OES) and digital service providers (DSP) in the EU.

The New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) or Senate Bill 5575, was enacted on July 25, 2019 as an amendment to the New York State Information Security Breach and Notification Act. The law goes into effect on March 21, 2020. The motivation behind the SHIELD Act is to update New York's data breach notification law to keep pace with current technology.

The NIS Directive is the first EU horizontal legislation addressing cybersecurity challenges and a true game-changer for cybersecurity resilience and cooperation in Europe. The Directive has three main objectives. The NIS Directive is the cornerstone of the EU’s response to the growing cyber threats and challenges which are accompanying the digitalization of our economic and societal life.

The Federal Information Security Management Act of 2002 (FISMA) is a United States federal law that defines a comprehensive framework to protect government information, operations and assets against natural and manmade threats. FISMA was enacted as part of the E-Government Act of 2002.

Dr. Maxine Henry, one of Reciprocity’s renowned GRC experts, led a webinar on the California Consumer Protection Act (CCPA). This sweeping legislation creates data privacy rights for covered consumers—which means it also imposes obligations on businesses to safeguard personal information. Before implementation on January 1, 2020, Dr. Henry discusses how to prepare.

In the digital age, more often than not, you can be sure that some enterprise has hold of your personal information. This information could be your name, email, phone number, IP address, country and other details. This can come from submitting a form, subscribing to a newsletter, accepting cookies, accepting the privacy policy or terms and conditions when creating an account or downloading software.

GDPR is a landmark in privacy jurisdiction. Through its 99 articles, it sets a framework for both businesses and individuals on their rights and responsibilities when it comes to protecting privacy. The most important element in my opinion is that privacy functions a fundamental human right and needs to be protected.

In July 2019, UK Information Commissioner’s Office (ICO) announced its intention to fine two companies for violating the European Union’s General Data Protection Regulation (GDPR). ICO began by disclosing its intention to penalize British Airways in the amount of £183 million (approximately $224 million) on 8 July.

Cyber security may be about to become more than AOB for organisational boards across the country. British Airways has been struck with a record-breaking £183-million fine as a result of its data breach last year in which around 500,000 customers had their data stolen, including credit card and CVV numbers.

What’s happened? British Airways is facing a record fine of £183 million, after its systems were breached by hackers last year and the personal and payment card information of around 500,000 customers were stolen. 183 million quid!? That sounds huge! Yes, it’s the biggest fine ever handed out by the UK’s Information Commissioner’s Office (ICO).