The circumstances surrounding the replacement of Lu Wei as head of the Cyberspace Administration of China in June remain difficult to discern, but the politics surrounding its leadership seem not to have deflected the CAC from its mission to assert more control over cyberspace.
The CAC – also known as the Office of the Central Leading Group for Cyberspace Affairs – has issued new regulations which took effect on 1 August 2016 and place obligations on providers of mobile internet applications, or “apps”, that seem to mirror those placed on website and social media operators.
The White House and its top security advisors are regularly advised about cyberintrusions and as a result the “time has come for CEOs and Boards to take personal responsibility for improving their companies’ cyber security” according to Former White House Senior Director for Cybersecurity Sameer Bhalotra. In the recent report from LogRhythm entitled “The Cyber Threat Risk – Oversight Guidance for CEOs and Boards” Bhalotra went to say:
Global payment systems, private customer data, critical control systems, and core intellectual property are all at risk today.
As cyber criminals step up their game, government regulators get more involved, litigators and courts wade in deeper, and the public learns more about cyber risks, corporate leaders will have to step up accordingly.
While cybersecurity risks have increased, government regulation has traditionally lagged behind. Recently, some government entities have tried to catch up by mandating that companies take a proactive approach toward protecting personal and competitively sensitive data. The move is a departure from the traditional reactive response of simply notifying consumers after their personal data is breached.
With this shift in emphasis, companies are asking the obvious questions: “What are we expected to do and what is a proactive cybersecurity compliance program?”
Both on the state level and through federal regulatory agencies, the government is beginning to dictate a comprehensive compliance approach to data protection. Late last year, the U.S. Securities and Exchange Commission’ s Cybersecurity Examination Initiative directed broker-dealers to “further assess cybersecurity preparedness in the securities industry.” Thus, the SEC announced that it “will focus on key topics including governance and risk assessment, access rights and controls, data loss prevention, vendor management, training and incident response.”
Guest Blogger Peter S. Vogel is a trial partner at Gardere Wynne Sewell LLP where he is Chair of the eDiscovery Group and the Internet, eCommerce, & Technology Team, and before practicing law he worked as a systems programmer, received a Masters in Computer Science, and taught graduate courses in information systems. In addition to… Read More
Cybersecurity threats have reached a point where they cannot go ignored by any government agency,even the U.S. Securities and Exchange Commission. Although an agency that is tasked with protecting investors is not one that typically comes to mind in the battle against cyberthreats,the SEC does maintain jurisdiction over cybersecurity issues for public companies, broker dealers and investment advisers, due to its responsibilities for ensuring the disclosure of material information, integrity of market systems and customer data protection.