Ciaran Mattin, the founding director of the UK's National Cyber Security Centre, has announced his intention of stepping down this summer after four years in the job, Sky News reports. His successor has not yet been named. Mr. Martin, who's generally been a well-regarded NCSC head, intends to serve, for awhile at least, as a visiting professor at King's College, London.
Two tracts of regulatory terra incognita are about to be explored in the US. Yesterday the California Consumer Privacy Act (the CCPA) went into effect. The Los Angeles Times summarizes the law's fundamental principles as follows: "People should be able to know if companies sell their personal information, see what information companies have already collected on them, and have the option of quitting the whole system." As Cooley points out in their commentary on the new law, how it will come to be applied in practice remains to be seen, but one should expect that application to be "vigorous."
The other complex compliance regime on the horizon affects US Federal contractors, who will now have to account for their supply chain in novel and unprecedented ways. US General Services Administration has announced that its procurement schedules, to be refreshed on January 15th of this year, will include bans on doing business with companies whose offerings include “substantial or essential” components from specified Chinese companies, notably Huawei and ZTE. FedScoop points out that this will affect companies whose supply chains are too enmeshed with those of the proscribed companies. Federal contractors should look closely to their supply chains and their subcontractors. The new rules will move them into poorly charted compliance terrain.
A dust-up over Huawei is also brewing in Canada, where, the National Post reports, the opposition Conservatives are pressing the ruling Liberals to keep the Chinese company out of the countries 5G networks.