New US Data Security legislation heard

The USA's draft Data Security and Breach Notification Act of 2015 was heard by the House Energy & Commerce committee on 18 March 2015.  The bill aims to replace the plethora of piecemeal federal data security and breach notification laws and to enhance data security standards.  The bill would implement stringent breach notification requirements, but has received criticism for not proposing strong enough enforcement provisions and for not requiring sufficiently robust processes to safeguard data.

Yahoo announces controversial on-demand password

On Monday 16 March, Yahoo announced the launch of its on-demand password service, which allows account holders to link their account security to their mobile phone.  When a user attempts to access their account, a one-time password will be sent to their phone via SMS.  This removes the need for a password to enter the account.  The move shows innovation within the security industry, but it has been met with much controversy as it adds an extra stage in the verification process and opens new security concerns around the use of malware to intercept SMS messages.

UK ICO raid on PPI cold calling company

The ICO has carried out a raid on a UK company offering to claim back mis-sold Payment Protection Insurance (PPI).  Automated dialling has been used to contact over 90 million phone numbers with no ability for the recipients of the calls to opt out of receiving the automated messages.  The raid highlights the tough stance taken by the UK's data protection authority on cold calling.

Data Protection Regulation “One-Stop Shop” provision weakened

The proposal in the EU's Draft Data Protection Regulation that companies would be able to deal with a single national data protection authority has been drastically limited.  On 13 March, the Council communicated an internal agreement to limit the use of the “One-Stop Shop” to narrow circumstances, removing the expectation that companies would be able to receive a consistent approach from one body.

German alliance in 'Internet of Things' market

German companies have formed an alliance to promote their interests in the Internet of Things.  Key priorities include German interests, both those of companies and individuals, and countering concerns about competition from the key technology giants.  The move comes in the wake of Germany's push for strict data protection regulation.

Overhaul of Australia’s Privacy Act

On 18 March 2015, an amendment to Australia's Privacy Act came into effect.  It gives new powers to the Office of the Australian Information Commissioner (OAIC), which enable monitoring of compliance with the Act.  The amendment deals with the collection, storage and use of personal data; it will affect Australian companies storing or processing personal data and will extend to foreign companies operating in Australia.

Japan recruits young hackers

Japan's National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has recruited young people with hacking skills to become 'cyber defenders'.  This follows over 25.7 billion attempted cyber attacks against government and other institutions in 2014.

North Korean attack on nuclear power plant

This week, South Korea accused North Korea of carrying out a cyber attack on its nuclear power plant operator, describing it as a "clear provocation against our security".  The hackers stole email addresses and sent emails to staff involved in the running of the nuclear reactors in an attempt to cause a system malfunction; however, the attacks failed to penetrate the control systems.