Cybersecurity, Data and Tech

The National Privacy Commission (NPC) recently issued NPC Advisory No. 2024-02, which lays down guidelines on the processing of sensitive personal information for the protection of lawful rights and interests or the establishment, exercise or defense of legal claims, pursuant to Section 13(f) of the Data Privacy Act (DPA).
Entities that process sensitive personal information or privileged information must ensure that such processing is compliant with the guidelines provided in the Advisory. A legitimate interest assessment will be helpful in evaluating compliance with NPC Circular No. 2023-07.

In recent years, both US state and federal legislatures have intensified efforts to enact laws aimed at safeguarding minors in the digital world. However, several court rulings have found that these legislative actions overstepped constitutional limits. This article highlights key legislative initiatives at the US federal level and in California and Texas to protect children and teenagers online, and lawsuits challenging the legality of the California and Texas measures, as of early September 2024.

In a recent article, The Cybersecurity of Gen-AI and LLMs: Current Issues and Concerns, the Cyber Security Agency of Singapore provides helpful commentary on the security and privacy challenges associated with generative artificial intelligence and large language models. The article outlines issues such as accidental data leaks, vulnerabilities in AI-generated code and potential misuse of AI by malicious actors, before providing recommendations on the steps that technology companies can take to address these concerns.

On 30 July 2024, the National Consumer Secretariat published Technical Note No. 2/2024/Gab-DPDC/DPDC/SENACON/MJ, providing for the Ads Quality Criteria and Data Quality Criteria, as transparency parameters to be adopted and complied with by digital platforms in Brazil. The recent Technical Note established transparency criteria applicable to platforms, mentioning the need to comply with dignity, health, safety, protection and harmony within consumer relations.

Malaysia’s Cyber Security Bill 2024 was passed by both houses of the Malaysian Parliament on 27 March 2024 (Dewan Rakyat) and 3 April 2024 (Dewan Negara) respectively. Subsequent to its Royal Assent on 18 June 2024 and publication in the Official Gazette on 26 June 2024, the Malaysia Cyber Security Act 2024, together with four subsidiary regulations, came into force on 26 August 2024.

The Brazilian Data Protection Authority (ANPD) published Resolution CD/ANPD No. 19, which creates the procedures and rules for recognizing the suitability of other countries or international bodies to carry out international personal data transfer operations, as well as approving the standard contractual clauses that may be used by processing agents to legitimize the international transfer of personal data.

The National Privacy Commission (NPC) recently issued NPC Circular No. 2024-02 (“Circular”), which provides an updated policy framework on the use of closed-circuit television (CCTV) systems. The Circular is intended to address emerging privacy risks arising from the use of CCTV systems, and to enable data controllers and processors to properly manage personal data processing carried out through such systems.

The Circular took effect on 27 August 2024.

Following the passing of the Personal Data Protection (Amendment) Bill 2024 by the Malaysian Parliament in July 2024, three public consultation papers have been issued in relation to the implementation of the following impending new legal obligations:

  • Notifying the Personal Data Protection Commissioner and affected data subjects of a personal data breach.
  • Appointing data protection officer(s).
  • Effecting the data subject’s right to data portability.

The deadline to provide feedback is 6 September 2024 (Friday).

On 25 June 2024, the Government proposed to enact a new piece of cybersecurity legislation, tentatively entitled the Protection of Critical Infrastructure (Computer System) Bill, to enhance the protection of computer systems of critical infrastructures (CIs). On 2 July 2024, the proposed legislative framework was tabled to the Legislative Council Panel on Security for consultation. The proposed legislation would require CI operators to fulfill certain statutory obligations and take appropriate measures to strengthen the security of their critical computer systems and minimize the chance of essential services being disrupted or compromised due to cyberattacks.

The Brazilian Data Protection Authority (ANPD) has published Resolution CD/ANPD No. 18, which creates additional rules for the appointment of the Person in Charge (similar, although not equivalent, to the Data Protection Officer under the GDPR).
As background, according to Law No. 13.709/18 (Brazilian Data Protection Law (LGPD)), data controllers must appoint a Person in Charge. The “Person in Charge” has the primary role of serving as a communication liaison between the data controller, data subjects and ANPD, as well as providing training and guidance to the controller’s employees, and complying with any other instructions that the controller may give.