At a glance.
- Clarity sought in trans-Atlantic data transfer rules.
- Update on the National Critical Functions framework.
- CISA appoints cyber strategy lead.
- A new IC takes office.
EU data transfer regulations remain in limbo.
In July 2020, the Privacy Shield trans-Atlantic data transfer agreement was deemed incompatible with GDPR, and with its expiration, data transfers from Europe to the US have become somewhat more difficult. Ever since, the EU and the US have been in negotiations to reach a new data deal, and as the new year rolls in, companies are still left with little guidance on how to proceed. Making matters worse, in 2021 the EU restricted European companies’ ability to work with US tech providers under certain circumstances. “We’re entering 2022 without clarity on international data flows,” Martynas Barysas, director for internal markets at Business Europe, a Belgian trade group, told the Wall Street Journal. A European Commission spokesperson explained, “These negotiations take some time, given also the complexity of the issues discussed and the need to strike a balance between privacy and national security.”
National Risk Management Center breaks down critical functions.
MeriTalk reports that the US National Risk Management Center (NRMC) is focused on establishing its National Critical Functions (NCF) framework, and NRMC Director Bob Kolasky has provided an update on their progress. NRMC has identified fifty-five NCFs, which are intended to help officials prioritize risk to critical infrastructure, using a process called functional decomposition, which “enables a deeper understanding of how entities come together to produce critical functions,” Kolasky explained in a memo distributed on December 15. “The decomposition identifies all the layers that produce or deliver an NCF, as well as numerous dependencies and interdependencies within and across each NCF.” Thus far, NRMC has identified nearly three hundred primary sub-functions and over one thousand secondary sub-functions.
CISA appoints new cyber strategy leader.
Daniel Bardenstein has been brought in as the US Cybersecurity and Infrastructure Security Agency’s (CISA) new tech and cyber strategy lead. MeriTalk explains that in his new position, Bardenstein will focus on tech and cyber strategy, not just for CISA, but also for its critical infrastructure partners. Bardenstein’s bona fides include a background in cybersecurity product management at the Defense Digital Service, where he also oversaw cybersecurity for the government’s COVID-19 vaccine distribution effort Operation Warp Speed. “Those experiences galvanized my desire to stay in government and see how else I can make an impact – there’s no shortage of things to do,” Bardenstein stated on LinkedIn.
New chief executive heads up ICO.
Also starting a new role is New Zealand’s former Privacy Commissioner John Edwards, who begins his five-year tenure as the chief executive of the UK privacy watchdog the Information Commissioner's Office (ICO) today, Computing reports. Inheriting the position from former chief Elizabeth Denham, Edwards stated, "My role is to work with those to whom we entrust our data so they are able to respect our privacy with ease whilst still reaping the benefits of data-driven innovation. I also want to empower people to understand and influence how they want their data to be used, and to make it easy for people to access remedies if things go wrong." Among the tasks he’ll be taking on are the Online Safety Bill (currently being considered at Parliament), the UK's post-Brexit data safety measures, and myriad legal conflicts with big tech. Denham will be taking on a consulting position at Baker McKenzie, the law firm that represented Facebook against the ICO during the Cambridge Analytica scandal.