At a glance.
- US EO implements US-EU privacy safeguards.
- Australian lawmakers propose telecom privacy law amendments.
- You must be this age to ride this website.
- UK’s new academy aims to bolster cyber defense training.
- US Treasury looks to remediate cyber insurance gaps.
US Executive Order implements US-EU data-sharing privacy safeguards.
An Executive Order signed this morning by US President Biden moves the US and the EU closer to agreement on data privacy standards. It specifies the safeguards the US undertakes to put in place pursuant to the agreement reached with the European Union in March of this year. The Executive Order specifically addresses European concerns about US signals intelligence and other intelligence activities. It reassures the EU that the US will conduct SIGINT only “in pursuit of defined national security objectives,” and that US SIGINT will be conducted with due respect for the privacy of individuals, whatever their citizenship. It also undertakes to establish safeguards and mechanisms to resolve any concerns or disputes over data handling and compliance.
Australian lawmakers propose telecom privacy law amendments.
In response to the massive data breach at Optus, Australia’s second-largest mobile operator, the Australian government yesterday proposed amendments to the country's Telecommunications Regulations 2021 Act, Reuters reports. By helping telcos to share government-issued identification documents with financial institutions, the new rules are intended to support banks in monitoring the accounts of customers for fraudulent activities. Telcos would be allowed to temporarily share specific government identifier data like Medicare and passport numbers with financial services providers so they can better safeguard customers’ accounts from potential fraud.
Treasurer Jim Chalmers said of the proposed changes, “They've been carefully designed with strong privacy and security safeguards to ensure that only limited information can be made available temporarily to prevent and respond to cyber security incidents, fraud, scams and related activities.” ZDNet notes that the changes will apply to all financial institutions regulated by the Australian Prudential Regulation Authority, excluding branches of foreign banks, and that institutions will need to submit a written commitment that they will comply with all necessary privacy obligations and meet relevant data security standards. Australian Information Commissioner and Privacy Commissioner Angelene Falk explained, “The regulatory framework needs to shift the dial to place more responsibility on organisations who are the custodians of Australians' data, to prevent and remediate harm to individuals caused through the handling of their personal information.”
You must be this age to ride this website.
The Open Identity Exchange Identity Trust 2022 event was hosted in London last week, and online age verification was a central topic of interest. Computing notes that many jurisdictions, including the US, Europe, the UK, and Australia, are considering legislation that would place age restrictions on websites in order to protect minors from disturbing or harmful content. “There's just a whole host of legislation either in place now or about to come into force, which is essentially saying that if you are online you are going to need to demonstrate your age,” Ian Corby, executive director of trade body the Age Verification Providers Association (AVPA), stated at the event. But questions remain as to how to most effectively verify age online, and just which sites will be impacted by such legislation, especially as platforms like social media sites have pushed back on age restrictions in an effort to protect their business model. The current draft of the UK’s Online Safety Bill covers all services “likely to be accessed by children,” but expected changes will likely be more specific.
Dr Rachel O'Connell, founder and CEO of TrustElevate, a provider of child age verification and parental consent software, compares age limits to height restrictions for rides at a theme park. “If you're under three foot, you're not going on the adults’ ride, you're going on the kids’ one,” she says. “So in that amusement park, you have adults, teens and children interacting, but there are certain restrictions for users. It's trying to bring that into the online world.” The Online Safety Bill is currently in the last stages of Parliament, and the US’s California Age-Appropriate Design Code Act was recently signed into law. As well, the US federal Children's Online Privacy Protection Act (COPPA) of 2010 could be amended to include age verification, and a draft of the Australian Online Privacy Code seeks to hold social media platforms accountable for verifying users’ ages.
UK’s new academy aims to bolster cyber defense training.
Last month at the Atlantic Future Forum 2022, hosted in New York City, the UK announced its upcoming Defence Cyber Academy, a £50 million project offering education and support for “developing the national cyber profession.” Building off of the UK’s older Defence Cyber School, the academy’s main goals will be increasing the volume and scope of cyberdefense training and education, collaborating with global allies to identify best practices and services, and engaging with industry and academia to improve its educational offerings. Overt Defense notes that students will include British citizens as well as international allied personnel, including American cyber experts, in an effort to boost US-UK cooperation. British defense secretary Ben Wallace explained, “Defence co-operation between the United Kingdom and the United States is the broadest and deepest of any two countries in the world, and will continue to expand in the coming decades. The Defence Cyber Academy builds on that collaboration, defining closer integration and shared capability, helping us and our allies counter global cyber security threats, staying one step ahead and at the forefront of this cutting-edge military domain.”
US Treasury looks to remediate cyber insurance gaps.
The US Treasury Department’s Federal Insurance Office is seeking public comment on addressing coverage gaps in the cyber insurance industry. As cybercrime escalates and evolves at an exponential rate, insurers are increasing rates and cutting coverage to limit their exposure, making it difficult for companies to obtain affordable coverage when they need it most. According to Fitch Ratings, cyber insurers have seen a 300% increase in losses from 2018 to 2021. As Bloomberg Law explains, some legislators wonder if a federal insurance backstop could be the answer, not just to improve coverage for potential victims, but also to make it easier for insurers to share the incurred risk with the government. Andy Moss, a partner at international law firm Reed Smith LLP, explained, “A cyber insurer can write policies with comfort knowing it can transfer some risk to the government, so it can offer bigger policy limits for businesses.” The Treasury is seeking input on various questions including how to determine if a breach is “catastrophic,” whether businesses feel they are adequately insured, and how to motivate policyholders to improve their cybersecurity posture. Public comment will be received until November 14.