In the much anticipated first King’s Speech of the new Labour Government on 17 July 2024, the monarch announced that the long anticipated Cybersecurity and Resilience Bill (CS&R Bill) would be amongst those new laws making their way onto Parliament’s schedule for the next year. Six years on from the implementation of the
Continue Reading UK: The UK Cybersecurity and Resilience Bill – a different approach to NIS2 or a British sister act?
Cyber regulation is changing in Australia. As governments globally grapple with the everchanging and increasingly challenging cyber landscape, Australia is poised to implement new laws and update existing regulation in order to enhance Australia’s cyber security and resilience. These changes fall within the framework established by the 2023-2030 Australian Cyber Security Strategy, which aims to
Continue Reading Australia: Anti-scam measures and ransomware reporting on the agenda
Hong Kong is following other jurisdictions, including Mainland China, Singapore and the UK, in proposing to enhance cybersecurity obligations on IT systems of those operating critical infrastructure (“CI“). While the proposed new law, tentatively entitled the Protection of Critical Infrastructure (Computer System) Bill (the“proposed legislation”), is still at an early stage
Continue Reading Hong Kong: A Practical Guide to the Proposed Critical Infrastructure Cybersecurity Legislation
The Federal Trade Commission (FTC) reiterated its long-held view that hashing or pseudonymizing identifiers does not render data anonymous, in a post to its Technology Blog on July 24, 2024.
In the rather strongly worded post, while acknowledging that hashing and pseudonymizing data has the benefit of obscuring the underlying personal data, the FTC
Continue Reading FTC Reiterates that Hashed and Pseudonymized Data is Still Identifiable Data
On Monday 29 April, new cyber security requirements entered into force in the United Kingdom. They apply to connected products sold to consumers and place obligations on the manufacturers, importers and distributors of those products.
Background
The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (Regulations) are the
Continue Reading UK: New cyber security requirements for consumer productsThis month, the Department of Homeland Security (“DHS”) Cybersecurity and Infrastructure Security Agency (“CISA”) released its long-awaited proposed draft regulations pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA” or the “Act”).
The Act was enacted on March 15, 2022, following several significant and disruptive cyberattacks on critical infrastructure in the
Continue Reading US CIRCIA Update: CISA Proposed Regulations Released
2023 was a busy year for the Court of Justice of the European Union (CJEU), with the issuance of a number of far-reaching judgments on the interpretation and application of the GDPR.
In December 2023, the CJEU delivered two important decisions which supplement a growing body of jurisprudence on the issuance of administrative fines and
Continue Reading CJEU Insight
Since the enactment of Singapore’s Cybersecurity Act (Act) in August 2018, the digital battlefield has transformed dramatically. The nation’s move towards digitalisation has not only spurred the growth of Singapore’s digital economy but also brought new cyber threats and challenges to the fore.
Given this, the Cyber Security Agency of Singapore (CSA
Continue Reading Imminent Changes to Singapore’s Cybersecurity Act: New Obligations on Service ProvidersSweeping Amendments to NYDFS Cybersecurity Regulation
On November 1, 2023, the New York Department of Financial Services (NYDFS) announced extensive amendments to its cybersecurity requirements for financial institutions issued under 23 NYCRR Part 500. The amendments are intended to address the evolution in the cybersecurity landscape since the regulation was first enacted in 2017, including
Continue Reading US: Regulators Enhance Information Security Requirements for Financial Services CompaniesImplicit within Delaware law, and now explicit in the SEC Cyber Rules, is the concept of adequate governance. It is not what the FTC just said on a particular topic, the latest guidance from a Data Protection Authority, what the NIST framework provides, or a set of controls in any particular subject area regarding privacy
Continue Reading US: Understanding Governance–A Path for Privacy and Security Governance
