Search for:
Category

Cybersecurity, Data and Tech

Category
In Cybersecurity, Data and Tech

Singapore: Vendors may need to obtain cybersecurity certifications before they can be licensed or bid for certain government contracts

by , , , and 4 Mins Read

In a joint response to a public forum letter, the Monetary Authority of Singapore (MAS) and the Cyber Security Agency of Singapore (CSA) announced that they are considering requiring vendors to obtain national cybersecurity certifications, namely the Cyber Essentials or Cyber Trust mark, before they can be licensed or bid for government contracts involving access to sensitive data or systems.
This move follows a recent data breach involving a third-party vendor and underscores the growing regulatory focus on third-party cybersecurity risks.

Read More
In Cybersecurity, Data and Tech

United States: The time is now for U.S. companies to examine their cross-border data transfers

by , and 9 Mins Read

In an era of intensifying geopolitical tensions, companies with operations in the U.S. must navigate an increasingly fragmented and national security-driven regulatory landscape governing cross-border transfers of many different types of data, including personal data and technical information used in R&D and patent filings. The US Department of Justice’s new Data Security Program (DSP) essentially prohibits US persons from making certain volumes of Americans’ personal data available to entities headquartered or residing in China (including Hong Kong and Macau), Russia, Venezuela, Iran, Cuba, or North Korea, or their subsidiaries in other countries, unless an exception applies.

In AML & Financial Services Regulatory

South Africa: Coin vs. Capital – Cryptocurrency is not subject to exchange control

by and 7 Mins Read

In a landmark ruling, the Pretoria High Court in Standard Bank v South African Reserve Bank ruled that cryptocurrencies do not constitute “capital” under South Africa’s Exchange Control Regulations. This means crypto assets are not subject to the country’s strict exchange control regime, offering long-awaited clarity for the crypto industry. While this judgment removes the need for SARB approval to export crypto, the relief may be temporary, as future legislative amendments could reassert regulatory oversight. For now, the decision marks a significant shift in how digital assets are treated under South African financial law.

In Cybersecurity, Data and Tech

United States: Retailer fined for cookie consent misconfigurations and excessive opt-out hurdles

by , , and 3 Mins Read

On 6 May 2025, the California Privacy Protection Agency (CPPA) announced an enforcement action against clothing designer Todd Snyder, Inc. to pay a fine of USD 345,178 and adopt new practices to resolve violations of the California Consumer Privacy Act (CCPA). The CPPA alleged that the retailer violated the CCPA by: (i) imposing excessive hurdles for consumer requests to opt out of third-party tracking technologies; (ii) failing to honor these requests because of misconfigurations; and (iii) failing to monitor its consent management platform.

Read More
In Cybersecurity, Data and Tech

Indonesia: Regulation on online child safety issued! New obligations to protect the younger generation

by , , , and 6 Mins Read

The Indonesian government has just issued a much-anticipated regulations that is closely connected with two important elements in society: children and technology. This new regulation introduces new obligations and prohibitions for electronic system operators in relation to the access and use of electronic systems by children.

In Cybersecurity, Data and Tech

South Africa: Amendments to the POPIA regulations – Key changes you need to know

by and 7 Mins Read

In April, the Information Regulator published amendments to the Protection of Personal Information Act (POPIA) Regulations, significantly enhancing privacy protections for South Africans. These changes simplify the processes for objecting to data processing, requesting corrections or deletions, and obtaining consent for direct marketing. They also introduce new responsibilities for information officers and allow for administrative fines to be paid in installments.

In Cybersecurity, Data and Tech

Malaysia: Cross Border Personal Data Transfer Guideline

by and 1 Min Read

Following the public consultation in 2024, the Personal Data Protection Commissioner has now issued the Personal Data Protection Guideline on Cross Border Personal Data Transfer (Guideline).
The Guideline provides guidance on the operationalization of section 129 of the Personal Data Protection Act 2010 and sets out specific responsibilities of data controllers when transferring personal data to any place outside Malaysia.

Read More
In Anti-Corruption

Mexico: New legal framework in matters of transparency, protection of personal data and access to public information

by , , and 6 Mins Read

On 20 March 2025, the decree enacting the General Law of Transparency and Access to Public Information, the General Law for the Protection of Personal Data in Possession of Obligated Entities, the Federal Law for the Protection of Personal Data in Possession of Private Parties, and the amendment to Article 37, Section XV, of the Organic Law of the Federal Public Administration was published in the Official Gazette of the Federation.

In Cybersecurity, Data and Tech

Singapore: Infocomm Media Development Authority unveils GenAI initiatives to propel AI adoption and digital transformation

by , , , and 3 Mins Read

The Infocomm Media Development Authority of Singapore (IMDA) is launching two initiatives, the generative AI (GenAI) Playbook and the GenAI Navigator, to make artificial intelligence (AI) more accessible to Singapore businesses and to increase its adoption locally.

Read More
Load More