Search for:
Category

Cybersecurity, Data and Tech

Category

The new Cyber Security Bill 2024 (“Bill”) was tabled for first reading at the Malaysian Parliament on 25 March 2024. The Bill aims to provide a regulatory framework for the safeguarding of Malaysia’s cyber security landscape by requiring national critical information infrastructure entities to comply with certain measures, standards and processes in the management of the cyber security threats and cyber security incidents. To achieve such objectives, the Bill provides for, among others, the establishment of the National Cyber Security Committee, the duties and powers of the Chief Executive, the appointment of national critical information infrastructure sector leads, the designation of national critical information infrastructure entities and the licensing of cyber security service providers.

While not new, AI is one of the key drivers of change and could boost productivity and cut costs. The use of distributed ledger technology is creating new products and services such as central bank digital currencies that could bring the unbanked to the financial mainstream. And the use of biometrics authentication promises to enhance the security available to users. While quantum computing remains beyond the next decade, it could have wide-ranging benefits to financial institutions but also leave the sector exposed to a higher level of cyberattacks.

The new Cyber Security Bill 2024 (“Bill”) was tabled for first reading at the Malaysian Parliament on 25 March 2024. The Bill aims to provide a regulatory framework for the safeguarding of Malaysia’s cybersecurity landscape by requiring national critical information infrastructure entities to comply with certain measures, standards and processes in the management of the cybersecurity threats and cybersecurity incidents. To achieve such objectives, the Bill provides for, among others, the establishment of the National Cyber Security Committee, the duties and powers of the Chief Executive, the appointment of national critical information infrastructure sector leads, the designation of national critical information infrastructure entities and the licensing of cybersecurity service providers.

On March 22, 2024, the Cyberspace Administration of China issued the long-awaited Provisions on Facilitating and Standardizing Cross-Border Data Flow (the “New CBDT Rules”), which took effect from the same date. With the New CBDT Rules being promulgated, the Chinese government finally released positive signals with moderate relaxation of its stringent control over CBDT activities since the promulgation of the Personal Information Protection Law of the PRC in 2021, and the implementation of CBDT security assessment and China Standard Contract for Cross-Border Transfer of Personal Information starting from late 2022.

The National Privacy Commission (NPC) recently issued NPC Circular No. 2023-05, which sets out the prerequisites for certification under the Philippine Privacy Mark Certification Program.
The NPC Privacy Mark, obtained through the PPM Certification Program, offers the highest level of assurance on data privacy compliance and secure cross-border data transfers of personal information controllers and personal information processors. It helps data subjects identify organizations they can entrust their personal data with.
The Circular took effect on 15 March 2024.

The Personal Data Protection Commission (PDPC) has issued the finalized Advisory Guidelines on the Use of Personal Data in AI Recommendation and Decision Systems (“Guidelines”). These Guidelines provide guidance on the use of personal data during three stages of AI system implementation: development, deployment (business-to-consumers) and procurement (business-to-business). In particular, the Guidelines clarify and elaborate on the application of the Consent Obligation and Notification Obligation, and their exceptions, under the Personal Data Protection Act (PDPA) to the use of personal data in AI systems.

Email is the central means of communication in business organizations. Mailboxes are a valuable source of information, particularly in the event of termination of employment relationships or suspected breaches of duty. However, access to emails is restricted and requires careful consideration of the interests of both employer and employee on a case-by-case basis.

On 7 March 2024 at the American Bar Association’s 39th National Institute on White Collar Crime, Deputy Attorney General Lisa Monaco announced several new initiatives the Department of Justice is implementing to address concerns around the use of AI in federal criminal activity along with potential corporate compliance failures that might facilitate the misuse of AI.