2018 will be the year in which businesses will need to reassess cybersecurity defences and update operations and legal documents around data protection.
Data protection and cybersecurity law are hot topics right now. China issued cybersecurity regulations last year, the EU General Data Protection Regulations come into force on 25 May, and two major cases in the US will all be pivotal influences that determine the future of digital laws.
An increasing number of cyberattacks and questionable data sharing has prompted lawmakers to rush through Cybersecurity Laws. The recent high profile incident involving Facebook and UK-based firm Cambridge Analytics, added fuel to the debate.
The world’s policy makers are being pressured into protecting consumer data but at the same time trying to work the rights of law enforcement agencies into the narrative. The outcome will no doubt pose legal headaches for businesses.
China has been particularly active around internet security. The Cybersecurity Law passed by the People’s Republic last year has already drawn criticism from foreign businesses in China. Regulations have been called vague, and designed to evoke “fear”.
However, China’s regulations do attempt to prove a point. The legislation covers a broad range of content and provides universal legislation for the country that was previously scattered across various jurisdictions. The policies are expected to accelerate the pace of setting national standards which could be used as a blueprint on a global scale.
At its core, cybersecurity legislation provides rights, obligations and the duties digital businesses are responsible for. This covers data storage, emergency response, safeguarding strategies, internal system duties, and obligations for technical measures.
There is also a pressing concern with regards civil liability for data breaches, and the link between fraudulent activity and certain data leaks. In the United States, data requested by law enforcement agencies is the hot topic to watch in 2018.
Is law enforcement breaching data laws?
Companies that store personal information receive large numbers of requests from law enforcement agencies. The Cybersecurity Law passed in China raised controversy by giving powers to security agencies to access personal information and important business data.
Two major legal cases in the United States raise the same issue, and could prove to be another milestone in the evolving debate of constitutional jurisprudence.
The main issues are what burden of proof law enforcement agencies need to obtain consumer data from business databases, and whether security agencies should be allowed access to user data stored by companies in foreign countries.
In one major case involvement Microsoft and the US government, law enforcement agencies argue information held in cloud storage servers offshore should be made available if an individual is suspected of criminal activity on US soil. Microsoft contend the US government agencies do not jurisdiction over data held in sovereign nations.
We have not heard the last of cybersecurity in 2018 and the next big scandal to break could expedite legislation across the globe. With laws likely to include hefty financial penalties and company closures, your best option is to seek proper legal advice to mitigate the risks.
ICLG has a global network of legal specialists that provide expert advice on national and international cybersecurity laws. Contact ICLG today and speak with one of our qualified teams.