New Bills

The new Government all seem very sensible, professional and boring so far. Let’s hope that continues. I did see the following Bills in the King’s Speech:

‘Digital Information and Smart Data Bill’ and
‘Cyber Security and Resilience Bill’

My blood ran cold at the mention of that first one but it doesn’t look like the old one coming back. Looking at the briefing:

“The Bill will ensure your data is well protected. We are modernising and strengthening the ICO. It will be transformed into a more modern regulatory structure, with a CEO, board and chair. And it will have new, stronger powers. This will be accompanied by targeted reforms to some data laws that will maintain high standards of protection but where there is currently a lack of clarity impeding the safe development and deployment of some new technologies. We will also promote standards for digital identities around privacy, security and inclusion.”

I’m okay with that. As for the second, the Cyber Bill:

“The existing UK regulations reflect law inherited from the EU and are the UK’s only cross-sector cyber security legislation. They have now been superseded in the EU and require urgent update in the UK to ensure that our infrastructure and economy is not comparably more vulnerable.”

I want to read ‘equivalency’ into that and I will continue to hope. But the next bits of the Cyber Bill are worth thinking about and keeping an eye on:

“Expanding the remit of the regulation to protect more digital services and supply chains. These are an increasingly attractive threat vector for attackers. This Bill will fill an immediate gap in our defences and prevent similar attacks experienced by critical public services in the UK, such as the recent ransomware attack impacting London hospitals.”

Coupled with:

“Putting regulators on a strong footing to ensure essential cyber safety measures are being implemented. This would include potential cost recovery mechanisms to provide resources to regulators and providing powers to proactively investigate potential vulnerabilities.”

And:

“Mandating increased incident reporting to give government better data on cyber attacks, including where a company has been held to ransom - this will improve our understanding of the threats and alert us to potential attacks by expanding the type and nature of incidents that regulated entities must report.”

Proactive? Mandating? Expanding? I think I’ve mentioned a few times in posts that if organisations do not get their act together, then it puts pressure on Governments to step in.

Should be interesting.

Here’s the link to the briefing

Digital Bill, page 40
Cyber Bill, page 95
