CYBER Liability and CYBER Security (nov 21, 2014)(final)
CYBER LIABILITY AND CYBER SECURITY
Melanie Kamilah Williams
Senior Legal Officer – Financial Services Commission
EXAMPLES OF E-COMMERCE, COMMONALITIES FOR USERS
Commercial providers offering market platforms to traders
Internet payment gateways
Social media pages (FB, Instagram, Twitter)
Search engines
Cloud technology
CHALLENGES FACED BY BUSINESSES
Potential areas of cyber liability:
Weak systems to protect IP, website, customer information
Data capture and protection
Preserving confidentiality of email communication, intellectual property
Liability associated with website content, use of celebrity images
User privacy, use of cookies, sale of information to third parties
Solutions:
Cyber liability insurance
Corporate Governance
Training staff on use of social media, emails
Training staff on basic security measures to protect data
Use of layered security measures
Contingency Plans
LEGISLATION RE CYBER LIABILITY IMPACTING FSC’S LICENSEES
DATA STORAGE and DATA PRESERVATION
MAINTAINING TRANSACTIONAL DATA
MAINTAINING THE CONFIDENTIALITY OF CLIENT INFORMATION, BENEFICIARY INFORMATION RE PENSION PLANS
DATA RETRIEVAL
SUSPICIOUS TRANSACTION REPORTS
KNOW YOUR CUSTOMER – E-COMMERCE
CLOUD, NETWORK AND DATA BREACHES
MANAGING FINANCIAL INFORMATION FOR CLIENTS, TAX AUTHORITIES
Securities Act and Regulations
Pensions (Superannuation Funds and Retirement Schemes) Act and Regulations
Insurance Act
POCA, Cybercrimes
CYBERCRIMES ACT
Prohibits: Unauthorized access to any program or data held in a computer
Unnecessary to establish any intention to access a specifically identifiable program or data or any specific computer
Section 3
CYBERCRIMES ACT
Prohibits: Any act which the person knows is likely to cause an unauthorized modification of the contents of any computer
Irrelevant whether the modification is permanent or temporary or intended to
Section 5
CYBERCRIMES ACT
Prohibits: Securing unauthorized access to any computer in order to obtain, either directly or indirectly, any computer service
Unauthorized interception of any function of a computer
Section 6
CYBERCRIMES ACT
Prohibits: A person, without authorization or lawful justification or excuse, willfully causing either directly or indirectly:
A degradation, failure, interruption or obstruction of the operation of a computer
Denial of access to, or impairment of, any program or data stored in a computer
Section 7 of the statute
EXAMPLES OF FSC’S POWERS
Section 67H (3) (d) of Securities Act – FSC can require any applicant, licensee or registrant to produce any data or information pertaining to its business in a form usable by the FSC for making legible copies
FSC can remove the data for purpose of copying – section 67H (4) (b)
“Anti-shredding” provision – section 67H (6) – any person who withholds, destroys, conceals, refuses to give or produce any data commits an offence
EXAMPLES OF FSC’S POWERS
Section 68A of Securities Act – FSC can obtain a court order which prevents disposal of any assets by a person suspected of a breach
Section 68C – FSC can obtain an order prohibiting any person from dealing with property (including profits obtained from a securities offence) [Restraint and preservation of property order]
EXAMPLES OF FSC’S POWERS
Section 68D – FSC’s right of access to examine books, records and information of affiliates of licensees or a group of companies
Section 68D(6) – Purpose of obtaining information, including from the Internal Audit Committee, is assessing their evaluation of risks as part of risk management
Section 68E – FSC may have access to communications data, in keeping with the powers given to it under section 16 (3A) of the Interception of Communications Act for any securities offence in Part V of the Securities Act
EXAMPLES OF FSC’S POWERS
FSC can share information with its counterparts – Overseas Regulatory Agencies to support other investigations
See section 68F of the Securities Act and the FSC (Overseas Regulatory Authorities) Regulations
INTERNATIONAL TRENDS – US REGULATION
Maintaining privacy of client information
In the US, under the Gramm Leach Bliley Act, financial institutions are required to have appropriate standards to preserve clients’ financial information
Payment Card Industry Data Standard – to protect clients’ payment information
INTERNATIONAL TRENDS - USA
National Institute of Standards and Technology (NIST) – Cybersecurity Framework (issued in Feb. 2014)
Securities Exchange Commission – Office of Compliance, Inspections and Examinations (cybersecurity initiative)
SEC’s recent statements on management of cyber risks by the Boards of Directors of securities intermediaries
SEC’s Commissioner Aguilar – Cybersecurity is a Board Responsibility
INTERNATIONAL TRENDS - EUROPE
ENISA, the European Union Agency for Network and Information Security
EU’s cybersecurity agency
REGULATION (EU) No 526/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (new regulation in June 2013)
ENISA will be working closely with Europol and member states of the EU
INTERNATIONAL TRENDS - EUROPE
In March, EU Council and Parliament considered the Cybersecurity Directive (formerly Network Information and Security Directive)
General Data Protection Regulation (draft) - 2013
On October 30, 2014, over 600 firms across Europe participated in a cybersecurity exercise
RESOURCES
SYMANTEC INTERNET SECURITY THREAT 2014
NIST
SECURITIES AND EXCHANGE COMMISSION’S CYBER GUIDANCE
NET DILIGENCE – 2013 REPORT ON CYBER LIABILITY AND DATA BREACH REPORT
VERIZON 2014 REPORT ON DATA BREACH INVESTIGATIONS
ENISA, REGULATION ON DATA PROTECTION AND CYBER SECURITY
THANK YOU FOR YOUR KIND ATTENTION
For additional information, please contact the Financial Services Commission at 39 – 43 Barbados Avenue, Kingston 5
www.fscjamaica.org