In October 2015, hackers infiltrated the accounts of 15 million T-Mobile customers, stealing social security numbers, names and birth dates. Last September, Yahoo revealed that 500 million user accounts were compromised in a massive data breach. At roughly the same time, Sony Co. agreed to pay as much as $8 million to settle employee claims over theft of personal information in a computer hacking crime. With such alarming, wide-scale breaches, corporations and government institutions alike are turning increased attention to internet security issues.
- So, the question here is..
How to control the Internet without squelching it? How do you secure confidential, classified information without overdoing it? And what do you do when it leaks?
As the digital world evolves and grows, there is an increased focus on cybersecurity laws and regulations. the State legislative bodies gave particular attention to the protection of personal data shared on the internet. Different laws, and on top of them the European General Data Protection Regulation, were enacted to regulate the collection, usage, transfer and disclosure of personal data. The Egyptian legislator was also part of this international initiative regarding the collective and enacted regulations, as Law No. 151 of 2020 and its executive regulations issued to address personal data protection and risks. However, it is true that the spectrums of data protection and cybersecurity intertwine, however, they do not necessarily match.
Personal data regards such information that relates to an identified or identifiable individual. Cybersecurity not only addresses personal data, but also sensitive data, protected health information, intellectual property and governmental and industry information and systems. Also, data protection laws regulate the ‘flow’ of data, while cybersecurity focuses on the acts of theft, damage and unauthorized use of all types of electronic data and measures taken to achieve them.
But what will eventually happen if the same act triggers another crime under a different law?
When reading the Cybersecurity Law, it would seem that prohibited acts mentioned under it could simultaneously trigger the enforceability of other laws. The most evident one, mentioned under the title of this article is the data protection law. However, the Cybersecurity Law also touches upon issues under the Banking Law, the Telecommunication Law and, generally speaking, the Penal Code.
Where such situations occur, it is believed that the rule set forth under the Penal Code applies. Reliance will be made on the crime with the heavier penalty and the other possible crimes will be excluded. For example, if an action triggers a crime under the Cybersecurity Law and the Banking Law, where the latter imposes heavier sanctions, the verdict will be rendered with respect to the crime constituted under the Banking Law only.
It seems though that despite the interplay between cybersecurity and other fields, the most common confusion will always remain between cybersecurity and data protection. However, as clarified under this article, cybersecurity deals with its own set of challenges.
