The EBF would like to take the opportunity to note few general remarks on key issues as follows:

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "The EBF would like to take the opportunity to note few general remarks on key issues as follows:"

Transcription

1 Ref.:EBF_ Brussels, 17 June 2013 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association countries. The EBF represents the interests of some 4,500 banks, large and small, wholesale and retail, local and cross-border financial institutions. EBF s position on the Commission s proposal for a Directive concerning measures to ensure a high common level of network and information security (NIS) across the European Union COM(2013) 48 final General remarks: The Commission s proposal falls within the scope of the European Cyber Security Strategy aiming at ensuring a safe and reliable digital environment across the EU. Based on recent data the Existing NIS capabilities and voluntary mechanisms are simply insufficient to keep pace with the fast-changing landscape of threats and to ensure a common high level of protection in all the Member States. The Commission is aiming at guarantying a high common level of network and information security (NIS) by improving the security of the internet and the private networks and information systems underpinning the functioning of our societies and economies to ensure a reliable environment for worldwide trade in services via coordinated regulatory interventions, strategies and standards as well as trusted information sharing on NIS incidents and risks among the Member States. The European Banking Federation (EBF) positively welcomes the draft Directive, as it is particularly important for the banking sector which has already the infrastructures in place. The EBF supports strongly the objective of the draft Directive to ensure that there are tools in place to react properly in case of incidents. Indeed, appropriate tools may result in an increased consumers trust, leading to a more inclusive cyberspace, and a digital economy that grows even faster, supporting our economic recovery. The EBF fears however that in some aspects the Commission s proposal seems very ambitious. The EBF would like to take the opportunity to note few general remarks on key issues as follows: The EBF believes that the proposed Directive should promote the exchange of information among all the main actors involved in the security management process, not only among Member States and Computer Emergency Response Teams (CERTs) but also between the most relevant stakeholders. As the banking sector has already set and put in place well defined risk assessment and incident monitoring procedures, the EBF considers that one of the biggest challenges nowadays is an efficient cooperation with other stakeholders (e.g. Telecommunications operators), especially in case of incidents. EBF a.i.s.b.l ETI Registration number: Avenue des Arts 56, B-1000 Brussels +32 (0) Phone +32 (0) Fax

2 The EBF would like to draw the attention of the legislator that should any new requirements be adopted they should be proportional to the associated risk and of its impact of loss as well as being consistent all over Europe. However, first it should be noted that the scope of the proposed Directive has only sets minimum rules allowing EU countries to go beyond these requirements and secondly small companies are excluded from the risk management and notification requirements. However, they may also be confronted with or causing a cyber incident that may cause collateral damages or impact the economy/society. As a consequence the current proposal would allow Member States to adopt different reporting rules; which could lead to diverging requirements throughout the EU, These inconsistencies could be detrimental to the principle of a level playing field and may lead to additional costs inherent to the implementation of these new measures. The EBF would like to add as well that the sanctions and their enforcement can differ from one Member State to another, and therefore could create real uncertainty for transnational companies. As specific remarks, the European Banking Federation would like to point out the following issues: 1. Incident Reporting (Article 14) According to Articles 14 to 16, the Commission proposes new security and incident reporting obligations. The public administrations and private entities in specific sectors (e.g. financial services) will be required to adopt network and information security (NIS) risk management practices and notify competent national authorities of any security incident that has a significant impact on the continuity of core services they provide (art.14-16). Following the notification, national authorities may decide to inform the general public. The EBF would like to stress the importance of a coherence between the requirements of the proposed NIS Directive and the- currently under review- Data Protection Regulation. In terms of efficiency the specific obligations to notify data breach/ network incidents should require reporting to one authority with one single form to fill in. This is rightly mentioned in recital 31, with the establishment of harmonised exchange mechanisms and template to notify incidents. The requirement for mandatory reporting of incidents by market operators requires careful scoping in order to ensure it drives the desired behaviour that it is important to balance between the interest to inform the public, the level of details made public and its consequences as well as the guarantee of protecting reputation and image of the organisation involved in data violation episodes [Ref Article 14]: The EBF considers problematic that the authorities will decide on the information to disclose where it determines that the incident is of public interest. The Authorities should in collaboration of the market operators and the public administrations ensure that information on weaknesses in security are not detailed and do not identify specific problems. This would be otherwise equivalent to indicate to hackers where a specific sector is not good enough to protect its systems). 2

3 The EBF would prefer that the elements of respectively recital 17 and recital 28 regarding the handling of the information with confidentiality should be part of the main body of the Directive as considered as an essential part of the Directive. Art 14 (1) suggests a focus only on incidents that impact continuity of service. However, integrity of service is equally important. Art 14 (2) requires reporting by market operators of incidents having a significant impact on the security of the core services they provide. The word significant needs careful definition in order to determine whether this Directive will achieve its aim: o If the requirement includes reporting of incidents with minimal impact to the business of the market operator, then it could drive a culture that is encouraged not to identify incidents. This would be counterproductive as effective cyber security requires identification and investigation of a wide range of incidents, many of which appear to be insignificant at first sight. It is only by catching such incidents early that material incidents are prevented. o We would recommend the limitation of mandatory reporting to just incidents with significant and material impact and this needs to be established within the Directive in order to prevent scope creep in the future. It should also be noted that many cyber security incidents do not actually involve the breach of systems belonging to the victim organisation. o For example, the widely-publicised Denial of Service attacks against US Banks have not breached their systems, but rather prevented access to them. o Similarly, fraudsters often do not target banking systems, but rather the systems of banks customers. o It is unclear how the mandatory reporting would be applied in these circumstances. 2. Incident Identification (Article 14) The draft Directive contains no requirements on market operators to develop capability to detect incidents. If there are to be requirements on market operators to report incidents that have been identified, then there should be some requirement on the market operators to identify those incidents in the first place. Otherwise a disincentive to monitor for cyber security incidents will be created for market operators. The EBF considers that it could have a detrimental impact on the level of network and information security across the Union. We would therefore propose that the Directive includes a requirement for market operators to monitor their networks and information systems for incidents, in a manner appropriate with the threats they face, but without requiring compliance with specific technical standards. (see next comment) 3. Standards (Article 16) 3

4 Encouragement of the use of standards is a laudable principle. However, it must be recognised that requiring compliance to detailed technical standards by market operators is likely to be counter-productive: Technical standards take time to be developed and revised and are unlikely to keep pace with the dynamic threat environment; Requiring compliance to detailed technical standards will encourage a compliance culture, with an emphasis on box-ticking as opposed to genuine risk management. The risk management practices that must be encouraged across the Union involve a high degree of skill, judgement and investigation by capable professionals this research type culture will not be encouraged by compliance requirements; Compliance with technical standards can create a false sense of security for senior management. For example, the payments industry has for some time required merchants to comply with technical security standards (PCI-DSS) when handling payment card details. However, breaches in recent years have occurred in organisations that are certified as compliant with PCI-DSS standards. This illustrates that compliance with even the most stringent technical standards is not sufficient for effective risk management. 4. Delegated acts (art. 18) & implemented act (14.7): In reference to Articles 9(2), 10 (5) and 14(5) as well as Article 14 (7) delegated acts and implemented act have been conferred to the Commission. The EBF has serious concerns regarding this extensive power for the European Commission because of the limited involvement of stakeholders in this process. The EBF also sees this technique as problematic since it leaves too much uncertainty with regard to the actual implementation of the Directive. This is all the most worrying as the respectively proposed delegated and implemented acts apply to essential aspects of the draft Directive such as the definition of the criteria to be fulfilled for a member state to be authorised to participate to the secure information-sharing-system (Article 9(2)), the further specification of the risks and incidents triggering early warning (Article 10 (5)), the definition of circumstances in which public administrations and Market operators are required to notify incidents (art. 14(5)) and finally the format and procedures applicable for the Member States to ensure that market operators notify to the competent authority incidents having a significant impact on the security of the core service they provide. 5. Definition of Market Operators We note the suggestion in paragraph 24 on page 14 that software developers and hardware manufacturers be explicitly excluded from the requirements of this Directive. However we would argue the contrary; that they should be at the core of the scope of this Directive: Their products are relied on by all other market operators to ensure the security of services thus they are a critical dependency; 4

5 There are known examples of hardware and software providers either being targeted in order to then compromise other market operators, or publicly acknowledged as placing market operators at risk due to vulnerabilities in their products. Whilst we acknowledge that the list given in Annex II is indicative, we would suggest omissions have been made of whole sectors that are known to be targets of sustained cyber attacks, and represent risk to the security of the EU. Examples include: Legal firms Accountancy and audit firms Food and agriculture firms Utilities such as water Information Technology firms Persons of contact: Fanny Derouck-Tadros Séverine Anciberro Noémie Papp 5

EBF response to ESMA consultation on the exemption for market making activities and primary market operations under Regulation (EU) 236/2012

EBF response to ESMA consultation on the exemption for market making activities and primary market operations under Regulation (EU) 236/2012 EBF Ref.: D1758E-2012 Brussels, 5 October 2012 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association

More information

EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32. A call for views and evidence

EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32. A call for views and evidence EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32 A call for views and evidence 22 nd May 2013 Contents Contents... 2 Overview: The EU Directive on Network and Information Security...

More information

EU Cybersecurity Policy & Legislation ENISA s Contribution

EU Cybersecurity Policy & Legislation ENISA s Contribution EU Cybersecurity Policy & Legislation ENISA s Contribution Steve Purser Head of Core Operations Oslo 26 May 2015 European Union Agency for Network and Information Security Agenda 01 Introduction to ENISA

More information

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL EUROPEAN COMMISSION Brussels, XXX [ ](2012) XXX draft Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning measures to ensure a high common level of network and information

More information

Council of the European Union Brussels, 5 March 2015 (OR. en)

Council of the European Union Brussels, 5 March 2015 (OR. en) Council of the European Union Brussels, 5 March 2015 (OR. en) Interinstitutional File: 2013/0027 (COD) 6788/15 LIMITE TELECOM 59 DATAPROTECT 23 CYBER 13 MI 139 CSC 55 CODEC 279 NOTE From: Presidency To:

More information

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL EUROPEAN COMMISSION Brussels, 7.2.2013 COM(2013) 48 final 2013/0027 (COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning measures to ensure a high common level of network

More information

Who s next after TalkTalk?

Who s next after TalkTalk? Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many

More information

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen Cyber Security : preventing and mitigating incidents Alexander Brown Robert Allen 07 & 08 October 2015 Cyber Security context of the threat The magnitude and tempo of [cyber security attacks], basic or

More information

Key Points. Ref.:EBF_004742 Brussels, 04 November 2013

Key Points. Ref.:EBF_004742 Brussels, 04 November 2013 Ref.:EBF_004742 Brussels, 04 November 2013 European Banking Federation Position Paper on the European Commission Proposal for a Regulation on Interchange Fees for Card-Based Payment Transactions Launched

More information

Key Points. EBF Ref. D1412D-2011 Brussels, 03.10.2011. Contact Person: Enrique Velázquez, e.velazquez@ebf-fbe.eu

Key Points. EBF Ref. D1412D-2011 Brussels, 03.10.2011. Contact Person: Enrique Velázquez, e.velazquez@ebf-fbe.eu EBF Ref. D1412D-2011 Brussels, 03.10.2011 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association countries.

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 2 September 2015 Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 We support the efforts of EU legislators to create a harmonised data protection

More information

Mapping of outsourcing requirements

Mapping of outsourcing requirements Mapping of outsourcing requirements Following comments received during the first round of consultation, CEBS and the Committee of European Securities Regulators (CESR) have worked closely together to ensure

More information

Key Points. Ref.:EBF_007865E. Brussels, 09 May 2014

Key Points. Ref.:EBF_007865E. Brussels, 09 May 2014 Ref.:EBF_007865E Brussels, 09 May 2014 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association countries.

More information

GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK

GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK This Guideline does not purport to be a definitive guide, but is instead a non-exhaustive

More information

Data Breach Notifications. Submission by the Australian Communications Consumer Action Network to the Attorney General s Department

Data Breach Notifications. Submission by the Australian Communications Consumer Action Network to the Attorney General s Department Data Breach Notifications Submission by the Australian Communications Consumer Action Network to the Attorney General s Department November 2012 About ACCAN The Australian Communications Consumer Action

More information

Ref: ED Responding to Non-Compliance or Suspected Non-Compliance with Laws and Regulations

Ref: ED Responding to Non-Compliance or Suspected Non-Compliance with Laws and Regulations October 15. 2015 IAASB Ref: ED Responding to Non-Compliance or Suspected Non-Compliance with Laws and Regulations FSR - danske revisorer welcomes this project to ensure consistency between ISAs and the

More information

EBF preliminary position on the European Commission proposal for an insurance mediation directive (Recast)

EBF preliminary position on the European Commission proposal for an insurance mediation directive (Recast) EBF Ref.: D2142F 10.01.13 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association countries. The EBF represents

More information

DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations

DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations Brussels, October 2015 INTRODUCTION On behalf of the European

More information

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for

More information

Code of Practice on Electronic Invoicing in Europe

Code of Practice on Electronic Invoicing in Europe Code of Practice on Electronic Invoicing in Europe 24 th March 2009 Version 0.17 Approved by Expert Group Plenary on 24 th March 2009 This Code of Practice on Electronic Invoicing in Europe is recommended

More information

Code of Practice on Electronic Invoicing in Europe

Code of Practice on Electronic Invoicing in Europe Code of Practice on Electronic Invoicing in Europe 24 th March 2009 Version 0.17 Approved by Expert Group Plenary on 24 th March 2009 This Code of Practice on Electronic Invoicing in Europe is recommended

More information

DELEGATED REGULATION (EU)

DELEGATED REGULATION (EU) RTS 15: Draft regulatory technical standards on market making, market making agreements and marking making schemes COMMISSION DELEGATED REGULATION (EU) No /.. of [date] supplementing Directive 2014/65/EU

More information

REFORM OF STATUTORY AUDIT

REFORM OF STATUTORY AUDIT EU BRIEFING 14 MARCH 2012 REFORM OF STATUTORY AUDIT Assessing the legislative proposals This briefing sets out our initial assessment of the legislative proposals to reform statutory audit published by

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

EBA final draft Regulatory Technical Standards

EBA final draft Regulatory Technical Standards EBA/RTS/2014/11 18 July 2014 EBA final draft Regulatory Technical Standards on the content of recovery plans under Article 5(10) of Directive 2014/59/EU establishing a framework for the recovery and resolution

More information

ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA

ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA ON THE AMENDMENT OF THE ORDER NO. 1V-1013 ON THE APPROVAL OF THE RULES ON THE ENSURANCE OF SECURITY AND INTEGRITY

More information

2011-2014. Deliverable 1. Input on the EU's role in fighting match-fixing. Expert Group "Good Governance. EU Work Plan for Sport

2011-2014. Deliverable 1. Input on the EU's role in fighting match-fixing. Expert Group Good Governance. EU Work Plan for Sport EU Work Plan for Sport 2011-2014 Expert Group "Good Governance Deliverable 1 Input on the EU's role in fighting match-fixing J u n e 2012 2 1. INTRODUCTION The EU Work Plan for Sport identifies integrity

More information

IESBA Technical Director Mr. Ken Siong. By e-mail: kensiong@ethicsboard.org. 2 September, 2015

IESBA Technical Director Mr. Ken Siong. By e-mail: kensiong@ethicsboard.org. 2 September, 2015 IESBA Technical Director Mr. Ken Siong By e-mail: kensiong@ethicsboard.org 2 September, 2015 Re: FSR danske revisorer comments on IESBA Exposure Draft: Responding to Non-Compliance with Laws and Regulations

More information

PwC Submission Serious Data Breach Notification Consultation

PwC Submission Serious Data Breach Notification Consultation www.pwc.com.au PwC Submission Serious Data Breach Notification Consultation March 2016 Submission to the Serious Data Breach Notification Your details Consultation Name/organisation (if you are providing

More information

European priorities in information security

European priorities in information security European priorities in information security Graeme Cooper Head of Public Affairs Unit, ENISA 12th International InfoSec and Data Storage Conference, 26th September 2013, Sheraton Hotel, Sofia, Bulgaria

More information

005ASubmission to the Serious Data Breach Notification Consultation

005ASubmission to the Serious Data Breach Notification Consultation 005ASubmission to the Serious Data Breach Notification Consultation (Consultation closes 4 March 2016 please send electronic submissions to privacy.consultation@ag.gov.au) Your details Name/organisation

More information

CCBE comments on the proposal for a Directive of the European Parliament and of the Council on singlemember private limited liability companies

CCBE comments on the proposal for a Directive of the European Parliament and of the Council on singlemember private limited liability companies Conseil des barreaux européens Council of Bars and Law Societies of Europe Association internationale sans but lucratif Rue Joseph II, 40 /8 1000 Bruxelles T. : +32 (0)2 234 65 10 F. : +32 (0)2 234 65

More information

Principles of Best Practice applicable to the distribution of Life Insurance Products on a Cross-border Basis within the EU or a Third Country

Principles of Best Practice applicable to the distribution of Life Insurance Products on a Cross-border Basis within the EU or a Third Country 2015 Principles of Best Practice applicable to the distribution of Life Insurance Products on a Cross-border Basis within the EU or a Third Country 1 Principles of Best Practice applicable to the distribution

More information

BEREC Monitoring quality of Internet access services in the context of Net Neutrality

BEREC Monitoring quality of Internet access services in the context of Net Neutrality BEREC Monitoring quality of Internet access services in the context of Net Neutrality BEUC statement Contact: Guillermo Beltrà - digital@beuc.eu Ref.: BEUC-X-2014-029 28/04/2014 BUREAU EUROPÉEN DES UNIONS

More information

COMMISSION REGULATION (EU) No /.. of XXX

COMMISSION REGULATION (EU) No /.. of XXX EUROPEAN COMMISSION Brussels, XXX [ ](2013) XXX draft COMMISSION REGULATION (EU) No /.. of XXX on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC on privacy

More information

Application of Data Protection Concepts to Cloud Computing

Application of Data Protection Concepts to Cloud Computing Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective

More information

ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012. Co-Chair s Summary Report

ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012. Co-Chair s Summary Report ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012 Co-Chair s Summary Report 1. Pursuant to the 18 th ASEAN Regional Forum (ARF) Ministerial meeting in Bali,

More information

5581/16 AD/NC/ra DGE 2

5581/16 AD/NC/ra DGE 2 Council of the European Union Brussels, 21 April 2016 (OR. en) Interinstitutional File: 2013/0027 (COD) 5581/16 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: TELECOM 7 DATAPROTECT 6 CYBER 4 MI 37 CSC 15

More information

BEREC Guidelines for Quality of Service in the scope of Net Neutrality

BEREC Guidelines for Quality of Service in the scope of Net Neutrality BEREC Guidelines for Quality of Service in the scope of Net Neutrality BEUC response to the public consultation Contact: Guillermo Beltrà digital@beuc.eu Ref.: X/2012/060-27/07/2012 BUREAU EUROPÉEN DES

More information

Data Protection Breach Management Policy

Data Protection Breach Management Policy Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/

More information

Internal controls Guidance for trustees

Internal controls Guidance for trustees Regulatory code of practice no. 9 Internal controls Guidance for trustees Contents Paragraph Page 1 Introduction 3 5 The status of codes of practice 3 6 Other regulatory requirements 3 7 Terminology 4

More information

We take the opportunity of the proposal to stress the following specific points where we think there is room for improvement.

We take the opportunity of the proposal to stress the following specific points where we think there is room for improvement. D0208G 22/05/2012 Set up in 1960, the European Banking Federation is the voice of the European banking sector (European Union & European Free Trade Association countries). The EBF represents the interests

More information

Proposal for a revised Payment Services Directive

Proposal for a revised Payment Services Directive Proposal for a revised Payment Services Directive BEUC position Contact: Financial Services Team financialservices@beuc.eu Ref.: X/2013/079-27/11/2013 BUREAU EUROPÉEN DES UNIONS DE CONSOMMATEURS AISBL

More information

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof, Opinion of the European Data Protection Supervisor on the Joint Communication of the Commission and of the High Representative of the European Union for Foreign Affairs and Security Policy on a 'Cyber

More information

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES DRAFT FOR CONSULTATION June 2015 38 Cavenagh Street DARWIN NT 0800 Postal Address GPO Box 915 DARWIN NT 0801 Email: utilities.commission@nt.gov.au Website:

More information

Helmut Wacket Head of Oversight Division. Cybersecurity: regulatory framework and central bank initiatives in the EU

Helmut Wacket Head of Oversight Division. Cybersecurity: regulatory framework and central bank initiatives in the EU Helmut Wacket Head of Oversight Division Cybersecurity: regulatory framework and central bank initiatives in the EU Cybersecurity in the EU Securing network and information systems in the EU is essential

More information

15229/2/15 REV 2 KM/ek 1 DG E2B

15229/2/15 REV 2 KM/ek 1 DG E2B Council of the European Union Brussels, 18 December 2015 (OR. en) Interinstitutional File: 2013/0027 (COD) 15229/2/15 REV 2 NOTE From: To: Presidency Permanent Representatives Committee TELECOM 232 DATAPROTECT

More information

BEREC DRAFT REPORT ON OTT SERVICES

BEREC DRAFT REPORT ON OTT SERVICES The Consumer Voice in Europe BEREC DRAFT REPORT ON OTT SERVICES BEUC response to the public consultation Contact: Guillermo Beltrà digital@beuc.eu BUREAU EUROPÉEN DES UNIONS DE CONSOMMATEURS AISBL DER

More information

EFPIA position on Clinical Trials Regulation trialogue

EFPIA position on Clinical Trials Regulation trialogue EFPIA position on Clinical Trials Regulation trialogue As the revision of the Clinical Trial Directive enters the Trialogue phase, it is critical to remember that the key objective of this legislation

More information

GOVERNMENT OF THE REPUBLIC OF LITHUANIA

GOVERNMENT OF THE REPUBLIC OF LITHUANIA GOVERNMENT OF THE REPUBLIC OF LITHUANIA RESOLUTION NO 796 of 29 June 2011 ON THE APPROVAL OF THE PROGRAMME FOR THE DEVELOPMENT OF ELECTRONIC INFORMATION SECURITY (CYBER-SECURITY) FOR 20112019 Vilnius For

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

E-PRIVACY DIRECTIVE: Personal Data Breach Notification

E-PRIVACY DIRECTIVE: Personal Data Breach Notification E-PRIVACY DIRECTIVE: Personal Data Breach Notification PUBLIC CONSULTATION BEUC Response Contact: Kostas Rossoglou digital@beuc.eu Ref.: X/2011/092-13/09/11 EC register for interest representatives: identification

More information

Merchants and Trade - Act No 28/2001 on electronic signatures

Merchants and Trade - Act No 28/2001 on electronic signatures This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and

More information

Honourable members of the National Parliaments of the EU member states and candidate countries,

Honourable members of the National Parliaments of the EU member states and candidate countries, Speech by Mr Rudolf Peter ROY, Head of division for Security Policy and Sanctions of the European External Action Service, at the L COSAC Meeting 29 October 2013, Vilnius Honourable members of the National

More information

Anthony J. Albanese, Acting Superintendent of Financial Services. Financial and Banking Information Infrastructure Committee (FBIIC) Members:

Anthony J. Albanese, Acting Superintendent of Financial Services. Financial and Banking Information Infrastructure Committee (FBIIC) Members: Andrew M. Cuomo Governor Anthony J. Albanese Acting Superintendent FROM: TO: Anthony J. Albanese, Acting Superintendent of Financial Services Financial and Banking Information Infrastructure Committee

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Western Australian Auditor General s Report. Information Systems Audit Report

Western Australian Auditor General s Report. Information Systems Audit Report Western Australian Auditor General s Report Information Systems Audit Report Report 10 June 2012 Auditor General s Overview The Information Systems Audit Report is tabled each year by my Office. It summarises

More information

EACB messages for the Trialogue negotiations on Bank Recovery and Resolution Directive

EACB messages for the Trialogue negotiations on Bank Recovery and Resolution Directive EACB messages for the Trialogue negotiations on Bank Recovery and Resolution Directive 30 August 2013 The EACB is the voice of the co-operative banks in Europe. It represents, promotes and defends the

More information

Chapter Five: Respect for Human Rights in Joint Ventures Relationships

Chapter Five: Respect for Human Rights in Joint Ventures Relationships 73 Chapter Five: Respect for Human Rights in Joint Ventures Relationships Overview Brief overview of joint ventures relationships Joint ventures (JVs) are formed when companies combine their resources

More information

BCS, The Chartered Institute for IT Consultation Response to:

BCS, The Chartered Institute for IT Consultation Response to: BCS, The Chartered Institute for IT Consultation Response to: A Comprehensive Approach to Personal Data Protection in the European Union Dated: 15 January 2011 BCS The Chartered Institute for IT First

More information

Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts

Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts The purpose of this document is to highlight the changes in the options available to Member States and Competent Authorities

More information

Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015

Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015 Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015 European Union Agency for Network and Information Security Summary 1 Presentation

More information

Updating Ofcom s guidance on network security

Updating Ofcom s guidance on network security Updating Ofcom s guidance on network security Call for Inputs Publication date: 13 December 2013 Closing Date for Responses: 21 February 2014 Contents Section Page 1 Introduction 1 2 Legislative framework

More information

National Occupational Standards. Compliance

National Occupational Standards. Compliance National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements

More information

Guidance on data security breach management

Guidance on data security breach management Guidance on data security breach management Organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction

More information

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

More information

GENERAL COMMENTS. 12 February 2015

GENERAL COMMENTS. 12 February 2015 EBF_013353 The European Banking Federation is the voice of the European banking sector, uniting 32 national banking associations in Europe that together represent some 4,500 banks - large and small, wholesale

More information

COMMISSION STAFF WORKING DOCUMENT. Executive Summary of the Impact Assessment. Accompanying the document

COMMISSION STAFF WORKING DOCUMENT. Executive Summary of the Impact Assessment. Accompanying the document EUROPEAN COMMISSION Brussels, 11.9.2013 SWD(2013) 332 final COMMISSION STAFF WORKING DOCUMENT Executive Summary of the Impact Assessment Accompanying the document Proposal for a Regulation of the European

More information

Registration must be carried out by a top executive or a number of executives having the power to commit the whole company in the EU.

Registration must be carried out by a top executive or a number of executives having the power to commit the whole company in the EU. Questions and answers 1- What is the purpose of The Initiative? Why are we doing this? The purpose of the Supply Chain Initiative is to promote fair business practices in the food supply chain as a basis

More information

Initial appraisal of a European Commission Impact Assessment

Initial appraisal of a European Commission Impact Assessment Initial appraisal of a European Commission Impact Assessment European Commission proposal for a Directive on the harmonisation of laws of the Member States to the making available on the market of radio

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

EBF Comments on the Review Draft Standard on General Hedges

EBF Comments on the Review Draft Standard on General Hedges Chief Executive RK/MT EBF ref. N 0365 Email International Accounting Standards Board Mr Martin Edelmann, Mr Stephen Cooper and Mr Takatsugu Ochi 30 Canon Street London EC4M 6XH United Kingdom Brussels,

More information

slaughter and may The new EU Data Protection Regulation revolution or evolution?

slaughter and may The new EU Data Protection Regulation revolution or evolution? slaughter and may The new EU Data Protection Regulation revolution or evolution? BRIEFING April 2012 Reform of Europe s data protection regime moved one step closer this January with the publication of

More information

Privacy and Data protection Impact Assessment. Frequently Asked Questions. 1. RFID Privacy Impact Assessment

Privacy and Data protection Impact Assessment. Frequently Asked Questions. 1. RFID Privacy Impact Assessment Privacy and Data protection Impact Assessment Frequently Asked Questions 1. RFID Privacy Impact Assessment a. What is a Privacy Impact Assessment and where does it come from? It is a tool for companies

More information

EU Priorities in Cybersecurity. Steve Purser Head of Core Operations Department June 2013

EU Priorities in Cybersecurity. Steve Purser Head of Core Operations Department June 2013 EU Priorities in Cybersecurity Steve Purser Head of Core Operations Department June 2013 Agenda About ENISA The EU Cyber Security Strategy Protecting Critical Information Infrastructure National & EU Cyber

More information

OUTCOME OF PROCEEDINGS

OUTCOME OF PROCEEDINGS Council of the European Union Brussels, 18 November 2014 15585/14 COPS 303 POLMIL 103 CYBER 61 RELEX 934 JAI 880 TELECOM 210 CSC 249 CIS 13 COSI 114 OUTCOME OF PROCEEDINGS From: Council On: 17 18 November

More information

Committee on Payments and Market Infrastructures. Board of the International Organization of Securities Commissions

Committee on Payments and Market Infrastructures. Board of the International Organization of Securities Commissions Committee on Payments and Market Infrastructures Board of the International Organization of Securities Commissions Principles for financial market infrastructures: Assessment methodology for the oversight

More information

European Code for Export Compliance

European Code for Export Compliance European Code for Export Compliance EU-CEC European Institute For Export Compliance EU-ECF EU Export Compliance Framework: EU Export Compliance Charter The European Code for Export Compliance EU-CEC 1.

More information

Guidance on data security breach management

Guidance on data security breach management ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...

More information

Privacy and Electronic Communications Regulations

Privacy and Electronic Communications Regulations ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3

More information

Lobbying: Sweet Smell of Success?

Lobbying: Sweet Smell of Success? Lobbying: Sweet Smell of Success? A case study on the transparency of lobbying around sugar regulation in the European Union and Spain 1. Introduction It is essential that government decision making be

More information

The European Lotteries

The European Lotteries The European Lotteries SPORTS INTEGRITY ACTION PLAN The 7 Point Programme for THE BENEFIT AND THE FURTHER DEVELOPMENT OF SPORT IN EUROPE March 2013 THE EUROPEAN LOTTERIES SPORTS INTEGRITY ACTION PLAN The

More information

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last

More information

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature Demystifying Cyber Insurance Jamie Monck-Mason & Andrew Hill Introduction What is cyber? Nomenclature 1 What specific risks does cyber insurance cover? First party risks - losses arising from a data breach

More information

HEALTH AND SOCIAL CARE BILL 2011. Joint Briefing for the House of Lords Committee

HEALTH AND SOCIAL CARE BILL 2011. Joint Briefing for the House of Lords Committee HEALTH AND SOCIAL CARE BILL 2011 Joint Briefing for the House of Lords Committee A Statutory Duty of Candour for the NHS (Duty to ensure transparency) Aim: Establish a Duty of Candour so that any provider

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT

DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT GD21 2 DATA PROTECTION (JERSEY) LAW 2005: GUIDANCE ON DATA SECURITY BREACH MANAGEMENT Introduction Organisations which process

More information

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

WHITE PAPER. PCI Basics: What it Takes to Be Compliant WHITE PAPER PCI Basics: What it Takes to Be Compliant Introduction A long-running worldwide advertising campaign by Visa states that the card is accepted everywhere you want to be. Unfortunately, and through

More information

Cybersecurity Strategy of the Republic of Cyprus

Cybersecurity Strategy of the Republic of Cyprus Policy Document Cybersecurity Strategy of the Republic of Cyprus Network and Information Security and Protection of Critical Information Infrastructures Version 1.0 23 April 2012 TABLE OF CONTENTS EXECUTIVE

More information

Presidency conclusions on establishing a strategy to combat the manipulation of sport results

Presidency conclusions on establishing a strategy to combat the manipulation of sport results COU CIL OF THE EUROPEA U IO EN Presidency conclusions on establishing a strategy to combat the manipulation of sport results 3201st EDUCATIO, YOUTH, CULTURE and SPORT Council meeting Brussels, 26 and 27

More information

CE Marking. Caveat Emptor Buyer Beware

CE Marking. Caveat Emptor Buyer Beware CE Marking November 2012 ANEC-SC-2012-G-026final The European Association for the Co-ordination of Consumer Representation in Standardisation Av. de Tervueren 32, box 27 B-1040 Brussels, Belgium - phone

More information

Insurance Europe response to the Commission Staff Working Document on Consumer Protection in third-pillar retirement products.

Insurance Europe response to the Commission Staff Working Document on Consumer Protection in third-pillar retirement products. Position Paper Insurance Europe response to the Commission Staff Working Document on Consumer Protection in third-pillar retirement products. Our reference: LIF-PEN-13-052 Date: 19 July 2013 Referring

More information

Consultation on the technical legislative implementation of the EU Audit Directive and Regulation

Consultation on the technical legislative implementation of the EU Audit Directive and Regulation AUDITOR REGULATION Consultation on the technical legislative implementation of the EU Audit Directive and Regulation OCTOBER 2015 1. Contents 1. Contents... 2 2. Introduction... 4 The EU Audit Directive

More information

CYBER-ATTACKS THE GLOBAL RESPONSE

CYBER-ATTACKS THE GLOBAL RESPONSE R E P R I N T CYBER-ATTACKS THE GLOBAL RESPONSE REPRINTED FROM: Risk, Governance & Compliance for Financial Institutions 2015 RISK GOVERNANCE & COMPLIANCE for F I N A N C I A L INSTITUTIONS 2 0 1 5 Visit

More information

BUREAU EUROPÉEN DES UNIONS DE CONSOMMATEURS AISBL

BUREAU EUROPÉEN DES UNIONS DE CONSOMMATEURS AISBL BEREC report on IPinterconnection in the context of Net Neutrality BEUC statement Contact: Guillermo Beltra digital@beuc.eu Ref.: X/2012/062-09/08/2012 BUREAU EUROPÉEN DES UNIONS DE CONSOMMATEURS AISBL

More information

Financial Services Guidance Note Outsourcing

Financial Services Guidance Note Outsourcing Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14

More information

Comments and proposals on the Chapter IV of the General Data Protection Regulation

Comments and proposals on the Chapter IV of the General Data Protection Regulation Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information