Review

Stick with Security: Make sure your service providers implement reasonable security measures

Retrieved on: 
Thursday, December 1, 2022

Even if a breach ultimately traces back to a service provider's conduct, from the perspective of a customer or employee whose personal information has been compromised, the buck stops with you.

Key Points: 
  • Even if a breach ultimately traces back to a service provider's conduct, from the perspective of a customer or employee whose personal information has been compromised, the buck stops with you.
  • That's why Start with Security cautions companies to make sure their service providers implement reasonable security measures.
  • Before bringing service providers on board, spell out what you expect in terms of security.
  • Drawn from FTC law enforcement actions, investigations, and questions we get from companies, here are some examples that illustrate steps you can take to encourage your service providers to start with security and stick to it.
  • Before putting it in someone else's control, be sure you know how that information will be used and secured.
  • The company gives the service provider access to account information, including customers' preferred payment methods, and the service provider creates a spreadsheet of the data.
  • The contract between the company and the service provider doesn't include any requirement to maintain reasonable security.
  • That's why careful companies verify that service providers are complying with security-related contract provisions.
  • In addition, make sure you have a way of monitoring what they're doing on your behalf.

Press release - Council must reach a common position on GSP, says EP Rapporteur Hautala

Retrieved on: 
Thursday, December 1, 2022

Council must reach a common position on GSP, says EP Rapporteur Hautala

Key Points: 
  • Council must reach a common position on GSP, says EP Rapporteur Hautala
    Rapporteur on the Generalised Scheme of Preferences Heidi Hautala (Greens/EFA, FI) issued the following statement on Wednesday after Council's failure to agree on its negotiating position.
  • The Council should do its utmost at all levels to solve the final pending issues and reach a common position as a matter of urgency.
  • It would be a dereliction of duty on the part of the Council to allow the reform to fail.
  • Contact: Office of Ms Heidi Hautala, [email protected], tel: +32 228 45 518
    Contacts:
    Eszter BALZS, Press Officer

Resetting our views on HSR Items 4(c) and 4(d)

Retrieved on: 
Wednesday, November 30, 2022

When submitting a Hart-Scott-Rodino (HSR) premerger notification filing to the FTC and DOJ, a filing party must complete the HSR Form.

Key Points: 
  • When submitting a Hart-Scott-Rodino (HSR) premerger notification filing to the FTC and DOJ, a filing party must complete the HSR Form.
  • The HSR Form requires detailed information about the transaction and the filing party's business, and requires the submission of certain documents.
  • The PNO frequently receives questions about how to identify responsive documents and offers informal guidance to help filing parties determine which documents are responsive to Items 4(c) and 4(d).
  • This position is currently included in informal guidance as well as in a tipsheet to Items 4(c) and 4(d).

OAIC welcomes passing of Privacy Bill

Retrieved on: 
Wednesday, November 30, 2022

OAIC welcomes passing of Privacy Bill

Key Points: 
  • OAIC welcomes passing of Privacy Bill
    The Office of the Australian Information Commissioner (OAIC) welcomes the passing of the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, which enhances the OAIC's ability to regulate in line with community expectations and protect Australians' privacy in the digital environment.
  • The Bill introduces significantly increased penalties for serious and/or repeated privacy breaches and greater powers for the OAIC to resolve breaches.
  • "The updated penalties will bring Australian privacy law into closer alignment with competition and consumer remedies and international penalties under Europe's General Data Protection Regulation," Australian Information Commissioner and Privacy Commissioner Angelene Falk said.
  • Commissioner Falk said the Bill was a positive step ahead of the wider review of the Privacy Act 1988.

The NIST Cybersecurity Framework and the FTC

Retrieved on: 
Tuesday, November 29, 2022

We often get the question, "If I comply with the NIST Cybersecurity Framework, am I complying with what the FTC requires?"

Key Points: 
  • We often get the question, "If I comply with the NIST Cybersecurity Framework, am I complying with what the FTC requires?"
  • In February 2013, President Obama issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, which called on the Department of Commerce's National Institute of Standards and Technology (NIST) to develop a voluntary risk-based Cybersecurity Framework for the nation's critical infrastructure, that is, a set of industry standards and best practices to help organizations identify, assess, and manage cybersecurity risks.
  • NIST issued the resulting Framework in February 2014.
  • The Framework provides organizations with a risk-based compilation of guidelines that can help them identify, implement, and improve cybersecurity practices.
  • The Framework does not introduce new standards or concepts; rather, it leverages and integrates cybersecurity practices that have been developed by organizations like NIST and the International Standardization Organization (ISO).
  • Identify helps organizations gain an understanding of how to manage cybersecurity risks to systems, assets, data, and capabilities.
  • Protect helps organizations develop the controls and safeguards necessary to protect against or deter cybersecurity threats.
  • The Framework breaks down each of these functions into additional categories and then provides helpful guidance.
  • As the Framework recognizes, there's no one-size-fits-all approach to managing cybersecurity risk.
  • But that's the benefit of the Framework: It's not a checklist, but rather a compilation of industry-leading cybersecurity practices that organizations should consider in building their own cybersecurity programs.
  • Section 5 of the FTC Act is the primary enforcement tool that the FTC relies on to prevent deceptive and unfair business practices in the area of data security.
  • Since 2001, the FTC has settled some 60 cases against companies the FTC alleges failed to provide reasonable protections for consumers' personal information.
  • By identifying different risk management practices and defining different levels of implementation, the NIST Framework takes a similar approach to the FTC's long-standing Section 5 enforcement.
  • Many FTC cases highlight companies' alleged failures to implement reasonable data security practices that the Framework emphasizes under the Protect function.
  • FTC orders demonstrate the importance of this function, emphasizing how consumer interests should factor into a company's recovery plan.

Consultation Paper on review of RTS on authorisation and registration

Retrieved on: 
Tuesday, November 29, 2022

Consultation Paper on review of RTS on authorisation and registration

Key Points: 
  • Consultation Paper on review of RTS on authorisation and registration
    Details
    ESMA is seeking stakeholder views on proposed changes to the RTS on authorisation and registration.
  • Responding to this paper
    ESMA invites comments on all matters in this paper and in particular on the specific questions summarised in Annex 1.
  • This paper may be specifically of interest to administrators of benchmarks.
  • | Date | Reference | Title | Document |
    | 28/11/2022 | ESMA81-393-607 | Consultation Paper on review of RTS on authorisation and registration | Download (pdf, 647.07 KB) |
    | 28/11/2022 | ESMA81-393-617 | Response form - CP Benchmarks amendment of RTS on authorisation and registration | Download (docx, 757.42 KB) |

ESMA amends and consults on standards for benchmark administrator applications

Retrieved on: 
Tuesday, November 29, 2022

ESMA amends and consults on standards for benchmark administrator applications

Key Points: 
  • ESMA amends and consults on standards for benchmark administrator applications
    The European Securities and Markets Authority (ESMA), the EU's financial markets regulator and supervisor, today published a Final Report on the review of the regulatory technical standards (RTS) on the form and content of applications for recognition by non-EU benchmark administrators, and a consultation on amendments to the RTS on the information that EU benchmark administrators need to provide in applications for authorisation and registration.
  • This is to ensure that these applications include all necessary information in order for ESMA to assess whether the applicant meets BMR requirements.
  • Third country benchmark administrators who wish to apply for recognition are encouraged to contact ESMA at [email protected].
  • Input sought on standards for applications for authorisation and registration
    In the consultation also published today, ESMA is seeking stakeholder views on proposed changes to the RTS on authorisation and registration.

ECB Financial Stability Review shows risks increasing as economic and financial conditions worsen

Retrieved on: 
Saturday, November 26, 2022

- PRESS RELEASE

Key Points: 
  • - PRESS RELEASE
    ECB Financial Stability Review shows risks increasing as economic and financial conditions worsen
    16 November 2022
    - Households and firms face multiple challenges, including weakening economic outlook, higher inflation and tighter financial conditions
    - Diminished market liquidity raises risk of disorderly asset price adjustments, which could test investment fund resilience
    - Governments should ensure support to vulnerable sectors is targeted and does not interfere with monetary policy normalisation
    Risks to financial stability in the euro area have increased amid soaring energy prices, elevated inflation and low economic growth, the November 2022 Financial Stability Review published today by the European Central Bank (ECB) shows.
  • At the same time, financial conditions have tightened as central banks act to rein in inflation.
  • "People and firms are already feeling the impact of rising inflation and the slowdown in economic activity," said ECB Vice-President Luis de Guindos.
  • "Our assessment is that risks to financial stability have increased, while a technical recession in the euro area has become more likely."