On March 15, 2022, US President Joe Biden signed the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA or the Act) into law.  Under its provisions, a broad range of private and public-sector entities operating in “critical infrastructure” sectors will for the first time have mandatory reporting obligations in connection with “cyber incidents” and ransomware attacks.  Specifically, “covered entities” are required to report certain “substantial” cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of the event, and to report ransomware payments within 24 hours of payment. Read more

Following the HKMA’s 21 April 2021 circular highlighting the additional guidance issued by the BCBS on 31 March 2021, namely the Principles for Operational Resilience and the Revised Principles for Sound Management of Operational Risk, the HKMA launched a consultation on 22 December 2021 on a new proposed Supervisory Policy Manual module OR-2 (Operational Resilience) and proposed amendments to existing SPM modules TM-G-2 (Business Continuity Planning) and OR-1 (Operational Risk Management) in order to align with the BCBS’s operational resilience guidance. Read more

New security assessment rules, which are applicable to the transfer of both important data and personal information outside of China, have been issued for public consultation. Read more

UK Regulators will be working more closely together in future to oversee digital markets. Concerns about tech have increased during the pandemic with a sharp increase in cyber crime and the use of data collected during the pandemic causing concern amongst citizens. Data has become a more contentious area. Read more

This e-bulletin summarises the latest developments in cybersecurity and data protection in China. We focus on four areas: regulatory, enforcement, industry and international developments. Our Highlights Whilst the MIIT continues to crack down on mobile applications that infringes individuals’ interests in personal information, four ministries jointly issued the regulations setting out the scope of personal … Read more

This e-bulletin summarises the latest developments in cybersecurity and data protection in China. We focus on four areas: regulatory, enforcement, industry and international developments. Our Highlights The financial regulators have continued to increase their efforts to develop and protect financial data. The People’s Bank of China released new standards on enhancing the data capability of … Read more

Some of the key changes to the Personal Data Protection Act 2012 (“PDPA”) took effect on 1 February 2021. These include a mandatory breach notification regime and new consent exceptions, including an exception which may apply if an organisation has legitimate interests in the collection, use or disclosure of the personal data and the legitimate … Read more

2020 has been an active year for developments in China’s cybersecurity and data protection regimes. In this e-bulletin we highlight the major regulatory and enforcement developments during the year in three key areas: Security protection, where continuous regulatory efforts have been made to supplement technical standards in order to progress the establishment of the multi-level … Read more