NEW LEGISLATION ON DATA SHARING AND CYBER SECURITY

New flagship data and cyber security legislation was unveiled in the recent King’s Speech.

Having failed to make the previous Conservative government’s legislative “wash up” prior to the election, the new Labour government has introduced two replacement Bills which take a slightly different approach.

Digital Information and Smart Data Bill (DISDB)

It is difficult at this stage to determine the full scope of this Bill but it appears that it will take a different approach to what was proposed by the previous government’s Data Protection and Digital Information Bill (DPDIB) – with the focus on the sharing of data to facilitate growth in a secure way.

The new government’s stated aim is to harness the power of data for economic growth, to support a modern digital government and to improve people’s lives.

Some of the proposals in the new Bill are similar to those in the DPDIB including:
• the establishment of a Digital Verification Services to assist individuals with moving house, pre-employment checks and buying age-related products by supporting the creation of secure and trusted digital identity products and services.
• Smart Data schemes to provide for the secure sharing of customer data with authorised third-party providers.
• moving to an electronic system for the registration of births and deaths.
• plans to strengthen the Information Commissioner’s Office.
The new Bill also includes proposals such as:
• developing a National Underground Asset register using a digital map that will revolutionise the installation, maintenance, operation and repair of cables and pipes which will give planners and excavators secure, instant access to the data they need to carry out their work effectively.
• establishing a Data Preservation Process that will provide access to data which is necessary for the investigation into the death of a child.
• the ability for scientists to ask for broader consent for the use of data for scientific research.
The Cyber Security and Resilience Bill (CSRB)

This Bill is part of the government’s pledge to enhance and strengthen the UK’s cybersecurity measures and protect the digital economy.

The existing UK regulations reflect law inherited from the EU, which is implementing reforms to the Network and Information Systems Directive 2018 to create a more robust framework, known as NIS2, which will be in effect in the EU from 17th October 2024. The previous government had indicated that NIS2 would not be replicated in the UK and had proposed more limited changes to the existing regulations.

The new government says the cyber security regulations need an “urgent update”, and it is likely that the CSRB will be similar to the proposed EU legislation.

The Bill will:
• expand the remit of the current UK NIS regulations to protect more digital services and supply chains.
• provide regulators with greater powers to ensure essential cyber safety measures are being implemented. This would include potential cost recovery mechanisms to provide resources to regulators and provide powers to proactively investigate potential vulnerabilities.
• implement increased incident reporting to provide data on cyber attacks, including where a company has been held to ransom. The purpose is to improve the understanding of cyber threats and provide essential data to enable identification of patterns of attacks and an effective response.
For further information on the Digital Information and Smart Data Bill and the Cyber Security and Resilience Bill please contact Amy Peacey, on [email protected] or 0345 209 1329.

Clarke Willmott is a national law firm with offices in Birmingham, Bristol, Cardiff, London, Manchester, Southampton, and Taunton.

Amy Peacey is a partner in the corporate and commercial team at Clarke Willmott in Southampton.