Tuesday, January 21, 2020


Cyber insurers have been recommending payment of the ransom. Will they fight this bill?
N.Y. Senator Carlucci Introduces Bill That Prohibits Paying Ransom
New York Senator David Carlucci introduced Senate Bill S7289 that would ban the paying of ransom.
The bill prohibits municipal corporations or other government entities from paying ransom in the event of a cyber-attack against them.


(Related)
Possessing Ransomware Could Become Illegal in Maryland
Lawmakers in the state of Maryland are considering making it a criminal offense to be in possession of ransomware.
A bill was introduced on Tuesday, January 14, that seeks to penalize Marylanders who knowingly possess the malware and intend to use it to cause harm. The bill also grants victims of a ransomware attack the right to sue the hacker for damages in civil court.
The state has already outlawed the use of malicious technology to extort money out of victims. Senate Bill 30, which was heard before the Senate Judicial Proceedings Committee last week, would make it a misdemeanor to be in possession of ransomware with the intent to use it in a malicious manner.




You should look for Best Practices anywhere. If you have second-rate security, you are a much more attractive target for hackers.
India Plans to Mandate Cyber Security Measures for Power Grids
India’s electricity grid operators will have to install firewalls and other measures used by companies to avert an attack on their information technology systems and check rising hacking incidents of power networks across the world.
Grid operators and regulatory agencies will need to have a continuity plan handy in the event of a cyber attack, according to draft rules published by the Central Electricity Regulatory Commission. The move is part of an overhaul of the decade-old guidelines.




As expected or as feared.
GDPR: 160,000 data breaches reported already, so expect the big fines to follow
Analysis by law firm DLA Piper found that after the General Data Protection Regulation (GDPR) came into force on 25 May 2018, the first eight months saw an average of 247 breach notifications per day. In the time since, that has risen to an average of 278 notifications a day.
"GDPR has driven the issue of data breach well and truly into the open. The rate of breach notification has increased by over 12% compared to last year's report and regulators have been busy road-testing their new powers to sanction and fine organisations," said Ross McKean, partner at DLA Piper, specialising in cyber and data protection.
The GDPR Data Breach Survey also calculates the total cost of GDPR-related fines paid so far to be €114m ($126m/£97m). The largest fine paid so far was one of €50m issued by the French data protection authority, CNIL, to Google over infringements around transparency and consent.
Under GDPR, organisations can be fined up to four per cent of their annual turnover if they've been found to be irresponsible with security following a data breach. Despite this, it's believed that just one-third of organisations are fully GDPR-compliant.




A heads-up, but not a lot of detail.
Odia Kagan of Fox Rothschild writes:
Though said to be a replica of GDPR, the Indian Personal Data Protection Bill (PDPB) is actually quite different, writes Sandeep Sangwan of the International Association of Privacy Professionals, and this can cause issues for multinationals or Indian “data fiduciaries” who are also subject to GDPR.


