Coordination Game: The Global Cybersecurity Legal Ecosystem and Business Obligations for Data Protection
Practices adopted to comply with U.S. breach notification and cybersecurity obligations may not be sufficient in other international jurisdictions.
July 10, 2018 at 10:15 AM
3 minute read
Todd McClelland of Jones Day(Courtesy photo)
European Union th . Certainly, the GDPR's noncompliance penalties (greater of 20 million euros or 4 percent of global annual turnover) caught some attention. China
- Data localization;
- Network monitoring and recordation;
- Categorization of all data collected;
- Backup and encryption of all “important data”;
- Patching in a timely manner; and
- Notifying the public regarding cybersecurity information on system bugs, viruses, network attacks, and network intrusion.
Other Representative Countries
- On February 23, 2018, Australia's Notifiable Data Breaches scheme (NBD scheme), an amendment to the Privacy Act 1988 (“Privacy Act”), came into effect. The NBD scheme requires companies regulated by the Privacy Act to notify affected individuals and the Australian Information Commissioner of eligible data breaches—that is, a data breach that results in serious harm to the affected individual.
- On June 12, 2018, Vietnam passed its Law on Cybersecurity, which gives Operators of Information Systems Critical to National Security (CIS) data localization and other obligations with respect to the management of their CIS and related data. CIS sectors include defense, national security, government, news media, and national information systems for the economic, energy, finance, banking and transportation, chemical, health, cultural, national resources, and environment sectors. Moreover, foreign companies providing telecommunications or internet services in Vietnam must establish offices in Vietnam, store personal information of Vietnamese users and "other important data" in Vietnam, perform a security assessment prior to any cross-border data transfer, and bring their technology products involving cyber services into compliance with "quality assurance" standards before they can be released to the market.
Conclusion As governments across the globe continue to issue new legislation and implementation guidance on cybersecurity, companies with global operations should prioritize coordination, alignment, and execution of best practices to ensure cybersecurity compliance across a wide range of regulatory regimes. Todd McClelland is a partner at Jones Day, where he advises clients on data breach response and other information security-related issues, including pre-breach cybersecurity risk assessment and management, compliance, response preparedness and other risk mitigation activities. The views and opinions set forth herein are the personal views or opinions of the author; they do not necessarily reflect views or opinions of the law firm with which he is associated.
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Trending Stories
- 1The Law Firm Disrupted: For Big Law Names, Shorter is Sweeter
- 2Wine, Dine and Grind (Through the Weekend): Summer Associates Thirst For Experience in 'Real Matters'
- 3'Fire All the Bullets Now': EEOC Enforcements Surge
- 4'I'm Staying Everything': Texas Bankruptcy Judge Halts Talc Trials Against J&J
- 5Suspect in Courthouse Bombing Was Targeting Judge, Deputies, Say Prosecutors
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250