The Office of the Information & Privacy Commissioner for British Columbia issued the following statement on May 23 about a case that raises issues of transparency and claims of privileged information: LifeLabs has announced that it is seeking leave to appeal a court ruling upholding the decision of the Information and Privacy Commissioner of Ontario…
Category: Legislation
SEC Charges Intercontinental Exchange and Nine Affiliates Including the New York Stock Exchange with Failing to Inform the Commission of a Cyber Intrusion
Washington D.C., May 22, 2024 — The Securities and Exchange Commission today announced that The Intercontinental Exchange, Inc. (ICE) agreed to pay a $10 million penalty to settle charges that it caused the failure of nine wholly-owned subsidiaries, including the New York Stock Exchange, to timely inform the SEC of a cyber intrusion as required…
UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments
“Mother, May I?” UK entities may need permission to make ransom payments. Alexander Martin reports: Officials in Britain are set to propose a major overhaul of how the country responds to ransomware attacks by requiring all victims to report incidents to the government, and then obliging those victims to seek a license before making any…
Utah Updates to Breach Notification Requirements Take Effect
Dorothy Parson McDermott of JacksonLewis writes: On May 1, 2024, amendments to Utah’s cybersecurity and data breach notification law took effect. The state’s cybersecurity and data breach notification law requires an organization that conducts business in the State of Utah to prevent the unlawful use or disclosure of personal information collected by the organization. Under…
SEC amends Reg S-P to require data breach notification within 30 days
Aaron Nicodemus reports: The Securities and Exchange Commission (SEC) will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days. On Thursday, the SEC approved amendments to Regulation S-P, known as the safeguards rule. The rule requires covered entities to…
Singapore Cybersecurity Update Puts Cloud Providers on Notice
Robert Lemos writes: Lawmakers in Singapore updated the nation’s cybersecurity regulations on May 7, giving more power to the agency responsible for enforcing the rules, adopting definitions of computer systems that include cloud infrastructure, and requiring that critical information infrastructure (CII) operators report any cybersecurity incident to the government. The Cyber Security Act amendment takes…