Changes: Cyber Security Regulation and Incentives Review

Revision as of 00:10, 4 December 2020

Citation

Department for Digital, Culture, Media & Sport, Cyber Security Regulation and Incentives Review (Dec. 21, 2016) (full-text).

Overview

This review considered whether there is a need for additional regulation or incentives to boost cyber risk management in the wider economy.

The Review makes a number of conclusions and recommendations, including:

• There is a strong justification for regulation to secure personal data, as there is a clear public interest in protecting citizens from crime and other harm. • Government will therefore seek to improve cyber risk management in the wider economy through its implementation of the forthcoming General Data Protection Regulation (GDPR). The breach reporting requirements and fines that can be issued under GDPR will represent a significant call to action for industry. • This will be supplemented by measures to more clearly link data protection with cyber security, including through closer working between the Information Commissioner's Office and the new National Cyber Security Centre. • Further new measures include working with the investment community to produce cyber security guidance, and working with regulators via a new Regulators' Forum which will share good practice and threat information. • For now, Government will not seek to pursue further general cyber security regulation for the wider economy over and above the GDPR.

@@ Line 9: / Line 9: @@
 The Review makes a number of conclusions and recommendations, including:
-••There is a strong justification for regulation to secure personal data, as there is a clear public interest in protecting citizens from crime and other harm.
+• There is a strong justification for [[regulation]] to [[secure]] [[personal data]], as there is a clear public interest in protecting citizens from crime and other harm.
+• Government will therefore seek to improve [[cyber risk management]] in the wider economy through its implementation of the forthcoming [[General Data Protection Regulation]] ([[GDPR]]). The breach reporting requirements and fines that can be issued under [[GDPR]] will represent a significant call to action for industry.
+• This will be supplemented by measures to more clearly link [[data protection]] with [[cyber security]], including through closer working between the [[Information Commissioner's Office]] and the new [[National Cyber Security Centre]].
+• Further new measures include working with the investment community to produce [[cyber security]] guidance, and working with regulators via a new Regulators' Forum which will share [[good practice]] and [[threat information]].
+• For now, Government will not seek to pursue further general [[cyber security regulation]] for the wider economy over and above the [[GDPR]].
-Government will therefore seek to improve cyber risk management in the wider economy through its implementation of the forthcoming General Data Protection Regulation (GDPR). The breach reporting requirements and fines that can be issued under GDPR will represent a significant call to action for industry.
-This will be supplemented by measures to more clearly link data protection with cyber security, including through closer working between the Information Commissioner’s Office and the new National Cyber Security Centre.
-Further new measures include working with the investment community to produce cyber security guidance, and working with regulators via a new Regulators’ Forum which will share good practice and threat information.
-For now, Government will not seek to pursue further general cyber security regulation for the wider economy over and above the GDPR.
 [[Category:Publication]]