Adsense HTML

Showing posts with label hacking. Show all posts
Showing posts with label hacking. Show all posts

APRA's cybersecurity strategy

APRA is stepping up its focus on CPS234 in 2021.  This is not a surprise.  The Australian government has a strong focus on cybersecurity (and Defence, and foreign influence).

https://www.apra.gov.au/news-and-publications/executive-board-member-geoff-summerhayes-speech-to-financial-services

UK Financial Regulator Publishes Insights from the Cyber Coordination Groups

A UK financial regulator has published a report regarding cybersecurity risks.

"CCG members also noted the development of cloud security as an emerging risk area, and that data held in cloud environments should be encrypted and protected by appropriate intrusion detection/prevention controls. In some cases, it may be advisable to include “kill switch” technology, which allows for immediate disconnection to manage the risk of a cyber attack having a more widespread impact."

See
https://www.ropesgray.com/en/newsroom/alerts/2020/03/UK-Financial-Conduct-Authority-Publishes-Insights-from-the-Cyber-Coordination-Groups

Consequential Loss After Hacking Decision from the USA

An interesting decision from the United States (11th Circuit appeals court) in Silvertop Systems -- decision here.

There is an interesting discussion of consequential loss, that starts at the heading "LMT's Counterclaim for Breach of Contract"

Facts were these:

·         Supplier (Silverpop) provided an email marketing service.  Customers loaded up email addresses and Supplier would send out mass emails in a form specified by the customer to addresses on the list.
·         Hackers got into the Supplier’s system and got access to several customer’s marketing lists, including LMT’s list.
·         The contract between Silverpop and LMT had a confidentiality clause (obligation to protect the list against unauthorised disclosure to third parties) and an exclusion of consequential loss.
·         Amongst the claims and counterclaims, was a claim from LMT that Silverpop had breached the confidentiality obligation and that the damage suffered by LMT was the sale value of the marketing list, which they said was now worthless.

This is what the court decided – assuming it was correct that the value of the marketing list was now zero, that was a consequential loss.  The court discussed the difference between general damages and consequential damages (which is remarkably similar to the old English decision of Hadley v Baxendale).  The direct loss which would have been recoverable by LMT if there had been a breach of the confidentiality obligation was the loss of the value of the service (but that is not what LMT claimed).

New Californian Privacy Law: CPRA to effectively replace CCPA

On U.S. Election Day, 3 November 2020, voters in the State of California overwhelmingly voted in favour of Proposition 24—a ballot measure t...