Cyber insurers have been recommending payment of the ransom. Will
they fight this bill?
N.Y. Senator Carlucci Introduces Bill That Prohibits Paying Ransom
New York Senator David Carlucci introduced Senate Bill S7289 that would ban the paying of ransom.
The bill prohibits municipal corporations or other government entities from paying ransom in the event of a cyber-attack against them.
(Related)
Possessing Ransomware Could Become Illegal in Maryland
Lawmakers in the state of Maryland are considering making it a criminal offense to be in possession of ransomware.
A bill was introduced on Tuesday, January 14, that seeks to penalize Marylanders who knowingly possess the malware and intend to use it to cause harm. The bill also grants victims of a ransomware attack the right to sue the hacker for damages in civil court.
The state has already outlawed the use of malicious technology to extort money out of victims. Senate Bill 30, which was heard before the Senate Judicial Proceedings Committee last week, would make it a misdemeanor to be in possession of ransomware with the intent to use it in a malicious manner.
You should look for Best Practices anywhere. If
you have second rate security, you are a much more attractive target
for hackers.
India Plans to Mandate Cyber Security Measures for Power Grids
India’s electricity grid operators will have to install firewalls and other measures used by companies to avert an attack on their information technology systems and check rising hacking incidents of power networks across the world.
Grid operators and regulatory agencies will need to have a continuity plan handy in the event of a cyber attack, according to draft rules published by the Central Electricity Regulatory Commission. The move is part of an overhaul of the decade-old guidelines.
As expected or as feared.
GDPR: 160,000 data breaches reported already, so expect the big fines to follow
Analysis by law firm DLA Piper found that after the General Data Protection Regulation (GDPR) came into force on 25 May 2018, the first eight months saw an average of 247 breach notifications per day. In the time since, that has risen to an average of 278 notifications a day.
"GDPR has driven the issue of data breach well and truly into the open. The rate of breach notification has increased by over 12% compared to last year's report and regulators have been busy road-testing their new powers to sanction and fine organisations," said Ross McKean, partner at DLA Piper, specialising in cyber and data protection.
The GDPR Data Breach Survey also calculates the total cost of GDPR-related fines paid so far to be €114m ($126m/£97m). The largest fine paid so far was one of €50m issued by the French data protection authority, CNIL, to Google over infringements around transparency and consent.
… Under GDPR, organisations can be fined up to four per cent of their annual turnover if they've been found to be irresponsible with security following a data breach. Despite this, it's believed that just one-third of organisations are fully GDPR-compliant.
A heads-up, but not a lot of detail.
Odia Kagan of Fox Rothschild writes:
Though said to be a replica of GDPR, the Indian Personal Data Protection Bill (PDPB) is actually quite different, writes Sandeep Sangwan of the International Association of Privacy Professionals, and this can cause issues for multinationals or Indian “data fiduciaries” who are also subject to GDPR.
Read more on Privacy Compliance & Data Security.