Cybersecurity And Data Privacy – What To Expect In 2022 – Privacy Protection



Threats to cybersecurity and data privacy are constantly
increasing both in volume and complexity.  This trend is
expected to continue in 2022.  In a bid to protect
cybersecurity and ensure data is properly safeguarded, countries
around the world are introducing new laws focused on cybersecurity
and data protection.  Armed with new legal frameworks,
regulators and law enforcement are placing onerous obligations on
organisations who fall victim to cybersecurity breaches. 
There are shorter deadlines in which to notify the authorities of
data breaches and ever increasing fines and penalties for
businesses that fail to respond swiftly and appropriately to a
cyberattack.

In this ever-changing area what is on the horizon for 2022?

Legal Changes

The United Kingdom, fresh from leaving the European Union, has
already indicated that there will be data privacy law
changes.  Chancellor Rishi Sunak has said that the General
Data Protection Rules (GDPR) are not necessary and pointed to what
he called “sensible countries” such as Japan,
Switzerland and Canada who have established and respected data
rules.  The Chancellor has explained that the UK Government
wants to “protect individual data but we don’t want to
hinder innovation, and the whole view is that there are things that
we can change that will be pro-innovation whilst protecting rights
and getting rid of some of the box-ticking and ending up in a good
place that is net positive for the UK”.

In the US, following on from the California Consumer Privacy Act
(CCPA) and the California Privacy Rights Act (CPRA), other States
are enacting their own privacy legislation.  The Virginia
Consumer Data Protection Act (VCDPA), the Colorado Privacy Act
(ColoPA), and A.430/S.2628 in New York will be effective
1st January 2023, 1st July 2023,
and May 2022 respectively.  Many other States have active
bills working their way through their legislatures, with at least 45
states and Puerto Rico having introduced or considered more than
250 bills or resolutions through 2021 that deal with
cybersecurity.

In the last few months, China’s new data protection law,
the Personal Information Protection Law (PIPL), took effect. 
Broadly, it is similar to the GDPR in a number of key
aspects.  It has extra-territorial reach.  In some areas
it introduces more stringent requirements than under the
GDPR.  Organisations who transfer or gather data that comes
within the scope of PIPL need to take steps urgently to ensure they
are complying.

The United Arab Emirates have introduced data protection
legislation this month, the Federal Decree Law on the Protection of
Personal Data.  It has notable similarities to the GDPR. It
also has extra-territorial reach.  The law is so new that it
is not yet known how it will be applied by the UAE authorities.

Cyber Attack Trends

As a result of the pandemic, the number of connected devices is
forecast to reach 18 billion this year.  This is a vast number
of potential entry points for cybercriminals looking to access
secure data.

Supply chains are likely to be key targets for
cybercriminals.  A whole supply chain is likely to have multiple
weak spots where it can be attacked, with the repercussions being
felt along the whole supply chain.  Ransomware attacks are a
likely source of disruption.

State-sponsored attacks are likely to continue to be a key
feature of cybercrime this coming year.

Expectations of Law Enforcement & Regulators

It is expected that regulators and law enforcement across the
world will have high expectations.

The UK published a new National Cyber Strategy in December
2021.  This builds on the creation of the National Cyber Force
which is a significant step-up in its offensive cyber
capability.

In the US, 2021 saw some significant enforcement activity,
including for example the Department of Justice investigating and
indicting individuals for carrying out and facilitating cyber
hacks, and the New York Department of Financial Services levying
its first penalties against companies in respect of cybersecurity
breaches.  The Financial Crimes Enforcement Network (FinCEN)
also identified cybercrime as a top priority for anti-money
laundering and countering terrorism financing.

Regulators want to see that organisations are taking
cybersecurity seriously and have suitable data security policies in
place.

How to Protect Your Organisation?

Organisations need to be proactive in tackling the threats faced
and ensuring they are up-to-date with the laws applicable to the
data they process.

Policies should be in place which are regularly reviewed (many
organisations now review their policies every quarter, such is the
pace of change in this area) and updated as part of a regular
cybersecurity audit.  Depending on the characteristics of the
business, third parties, such as businesses in its supply chain, may
need to form part of the audit and assessment process.

Good cybersecurity relies on education and awareness. 
Regular training of staff is key and should include temporary and
contract staff.

Physical security, which is concerned with access to premises and
equipment, also needs to be addressed.  All organisations need
to consider storage arrangements and secure disposal of records no
longer required.

There need to be protocols to cover password use, firewalls,
regular updates for software, backup and restoration of electronic
information and monitoring to detect breaches.

Organisations should consider having a cyber-breach response
plan to assist in the detection of cybercrime and ensure incidents
are responded to swiftly and in an efficient and comprehensive
way.  There should be a clear structure of responsibility to
allow for accountability.

Originally Published 02 February 2022

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
