This Week in Privacy: 15 February 2021
February 15, 2021
Council agrees position on ePrivacy Regulation
The Portuguese Presidency will now commence negotiations with the European Parliament on the final text of the Regulation.
NYDFS issues cyber insurance risk framework
The New York State Department of Financial Services issued a Cyber Insurance Risk Framework, marking the first time a regulator in the US has issued specific guidance on cyber insurance. In particular, the Framework applies to all authorised property or casualty insurers that write cyber insurance, and outlines best practices for managing cyber insurance risk. The Framework recommends the establishment of a formal cyber insurance risk strategy, determining whether an insurer is exposed to silent or non-affirmative cyber insurance risk and managing this exposure, regularly evaluating systemic risk and planning for potential losses, obtaining cybersecurity expertise through recruitment, and requiring notice to law enforcement in the event of a cyber attack.
DCMS publishes draft Trust Framework on future use of digital identities for public comment
The UK Department for Digital, Culture, Media & Sport published its draft Trust Framework for governing the future use of digital identities. In particular, the Trust Framework relates to data protection, security, and inclusivity, and is part of the DCMS' work in relation to simplifying procedures for individuals to verify themselves using technology. The Trust Framework includes principles, policies, procedures, and standards governing the use of digital identity to allow for the sharing of information to check people's identities or personal details, such as a user's address or age, in a trusted and consistent way, aiming to enable interoperability and increase public confidence. The Trust Framework also outlines specific standards and requirements for organisations which provide or use digital identity services.