|
6.6
Institutional Arrangements for Cybersecurity Bureaucracy
The institutional arrangements supporting cybersecurity are as varied and diverse as the
approaches to the issues. First, there is no one-size-fits-all response to effective
institutional design as globally institutional arrangements vary dramatically. Second, not
all cybersecurity issues have a specific institutional dimension. The most obvious one is the
144
Comprehensive Study on Cybercrime xxi. 2013.
145
Id. at.
146
W
ALL
, Cybercrime: The Transformation of Crime in the Information Age 19-21. 2007.
147
Id. at, 28.
43
area of cybercrime, where practice indicates that issues of cybercrime, once passed into
legislation, are usually within the purview of the law enforcement and the judiciary.
148
In terms of privacy, for example, a number of examples demonstrate the wide practice of
institutional responses:
In the E.U., generally, each country has a Data Protection Agency (DPA) principally
responsible for the interpretation and enforcement of data privacy violations. Each DPA is
typically an independent agency, with the authority to enforce against other government
entities. For those E.U. member states with a criminal component to data protection
legislation, national or regional prosecutors may be engaged by the DPA for particular
matters. In addition, at the E.U. level, there is a Working Party on Data Protection that
determines which countries are compliant with the Directives.
149
In Argentina, the National Data Protection Directorate (NDPD) established under the
Personal Data Protection Act is responsible for digital data protection. The NDPD is under
the Ministry of Justice and Human Rights.
150
In Canada, at the federal level, the Personal Information Protection and Electronic
Documents Act (PIPEDA) assigns its oversight and enforcement role to the Office of the
Privacy Commissioner of Canada (OPC) which reports to Parliament.
151
In Malaysia, processing of personal data is regulated by the Personal Data Protection Act
2009 (PDPA). The Personal Data Protection Commissioner is appointed by the Ministry of
Information, Culture, and Communications and is in charge of implementing and enforcing
the personal data protection laws in Malaysia.
152
148
Satola & Judy, W
ILLIAM
M
ITCHELL
L
AW
R
EVIEW
, 1781 (2011).
149
Id. at, 1782-1783.
150
Id. at.
151
Id. at.
152
Id. at.
44
In South Africa, the Protection of Personal Information Act (PPIA) requires that personal
information may only be processed by a responsible party that has notified the information
Protection Regulator (Regulator), which reports to the President of South Africa.
153
Strong governmental involvement and institutional solutions in securing cyberspace are
justified due to the heavy dependence of the government on technology and cyberspace for
its own operations. In addition, government has a unique vantage point from which to
observe and understand global economic, political, and technological forces that could give
rise to cyberthreats.
154
On the international level, if members of the international community were able to develop
a convention mandating international cooperation on cybersecurity and applying universal
jurisdiction to acts of cyberaggression, the benefits would be palpable. One such benefit
would an opportunity to create a UN agency comparable to the International Maritime
Organization (IMO) whose purpose would be to ensure the safety and security of the
internet.
155
The IMO was created pursuant to the adoption of the Convention on the International
Maritime Organization. The purpose of the IMO is to facilitate cooperation among
governments in order to ensure that the highest practicable standards in matters
concerning maritime safety are in place. The IMO also maintains detailed records of all
incidents of piracy, which supports the IMO’s policy recommendations and efforts to
develop new law when the need arises. The IMO’s strategy consists of compilation and
distribution of periodical statistical reports, piracy seminars and field assessment missions
to regions affected by piracy and the preparation of a code of practice for the investigation
and prosecution of the crime of piracy. An agency similar in function to the IMO dedicated
to tracking incidents of cyberaggression and fostering cooperation between member
nations would help to consolidate the international effort to monitor and deter
153
Id. at.
154
Contreras, et al., A
MERICAN
U
NIVERSITY
L
AW
R
EVIEW
, 1123 (2013).
155
Stahl, G
EORGIA
J
OURNAL OF
I
NTERNATIONAL AND
C
OMPARATIVE
L
AW
, 270-271 (2011).
45
cyberaggression. Moreover, such an agency would help to legitimize the international legal
regime that created it, and would provide sound policy rooted in empirical evidence.
156
Do'stlaringiz bilan baham: |
