The Cyber Security Agency (CSA) has just released Guidelines on Securing AI Systems (“Guidelines”) and a Companion Guide on Securing AI Systems (“Companion Guide”).
The Guidelines advocate for a “secure by design” and “secure by default” approach, addressing both existing cybersecurity threats and emerging risks, such as adversarial machine learning. The aim is to provide system owners with principles for raising awareness and implementing security controls throughout the AI lifecycle.
The Companion Guide is an open-collaboration resource, and while not mandatory, it offers guidance on useful measures and controls informed by industry best practices, academic insights and resources such as the MITRE ATLAS database and OWASP Top 10 for Machine Learning and Generative AI.
The UK Government passed the long-awaited Digital Markets, Competition and Consumers Act (DMCC) on 24 May 2024.
The DMCC will bring radical change to the enforcement of consumer law in the UK, introducing new powers for the CMA to issue direct fines of up to 10% of global annual turnover for breaches. This spotlight series will focus on the substantive changes to consumer law introduced by the DMCC, and how it compares to the position in the EU.
On 25 June 2024, the Government proposed to enact a new piece of cybersecurity legislation, tentatively entitled the Protection of Critical Infrastructure (Computer System) Bill, to enhance the protection of computer systems of critical infrastructures (CIs). On 2 July 2024, the proposed legislative framework was tabled to the Legislative Council Panel on Security for consultation. The proposed legislation would require CI operators to fulfill certain statutory obligations and take appropriate measures to strengthen the security of their critical computer systems and minimize the chance of essential services being disrupted or compromised due to cyberattacks. It is proposed that a new Commissioner’s Office is to be established under the Government’s Security Bureau for the implementation of the proposed legislation.
In a landmark decision on July 18, 2024, Judge Paul Engelmayer of the Southern District of New York dismissed most charges in the SEC’s enforcement action against SolarWinds and its CISO, Timothy Brown. The court ruled that cybersecurity controls are not part of a company’s “system of internal accounting controls” under Section 13(b)(2)(B)(iii) of the Exchange Act, dismissing these claims. However, the court upheld charges that SolarWinds and Brown misled investors with public statements about their cybersecurity program. This case, stemming from the SUNBURST attack, highlights the importance of detailed risk disclosures and accurate public-facing statements on cybersecurity.
Through Resolution No. 13/2024, the National Communications Authority (ENACOM) repealed certain resolutions that regulated the fixing of prices of information and communication technology (ICT) services. Pursuant to Decree No. 302/2024, the National Executive Power deregulated ICT services, modifying Argentine Digital Law No. 27,078 and repealing Decree No. 690/2020, thereby eliminating ENACOM’s power to regulate prices. The Resolution seeks to promote the expansion of services, fostering a more competitive environment in the ICT industry.
The Malaysian Communications and Multimedia Commission (“MCMC”) has announced its intention to introduce a new licensing regime for social media services and internet messaging services on 1 August 2024, with enforcement effective from 1 January 2025 onwards.
Under the current licensing framework, social media services and internet messaging services are exempted from the licensing requirement under the Communications and Multimedia Act 1998 (“CMA”) pursuant to the Communications and Multimedia (Licensing) (Exemption) Order 2000.
On 27 June 2024, the Personal Information Protection Commission (PPC), Japan’s data protection authority, released the “Interim Report on Considerations for the Triennial Review of the Act on Protection of Personal Information” (“Interim Report”). The Interim Report summarizes discussions within the PPC on issues surrounding the Act on Protection of Personal Information (APPI) from November 2023 to June 2024. The Interim Report is in accordance with amendments made to the APPI in 2020 requiring the PPC to review the provisions of the APPI every three years.
The Vietnamese authorities recently released two draft laws, namely the draft Data Law and the draft Law on Digital Technology Industry, for public comments. These proposed laws seek to address various issues in the fields of data and digital technology, with the potential to significantly impact businesses across various industries.
The long-awaited Personal Data Protection (Amendment) Bill 2024 has now been made publicly available. Among the key changes it seeks to introduce are: direct obligations for data processors, mandatory data breach notification, a requirement to appoint data protection officer(s), a new data subject right to data portability, an expanded definition of sensitive personal data, and a general legal basis for cross-border transfers.
On 11 June 2024, the Office of the Privacy Commissioner for Personal Data published the “Artificial Intelligence: Model Personal Data Protection Framework” (“AI Framework”). The AI Framework aims to provide practical recommendations for organizations in their adoption of third-party AI systems to comply with the Personal Data (Privacy) Ordinance.