Cyber security: A month in retrospect (Australia) – March 2024

It has been an interesting month in the cyber world. We know it has been incredibly busy, but a limited number of incidents are breaking the “media-surface”. We continue to monitor the fallout from the BlackCat / LockBit takedowns, we take a keen interest in international developments, and we proudly launch our latest “Cross Examining … Read more

How open is open source? Averted cyber attack indicates watershed moment in open source supply chain security and poses important questions on software liability

Malicious code in open source software XZ Utils revealed a years-long compromise effort to gain remote administrator access to Linux systems. The cyber operation could have resulted in an unprecedented open source supply chain attack and was averted through the accidental discovery by a software engineer. The incident sheds light on the culture of trust … Read more

Information Commissioner’s Office issues new guidelines on data protection fines

On 18 March 2024, the Information Commissioner’s Office (the “ICO“), issued its Data Protection Fining Guidance (the “Guidance“) on issuing fines under the UK General Data Protection Regulation (the “UK GDPR“) and the Data Protection Act 2018 (the “DPA 2018“). The guidance replaces the sections about penalty notices in the ICO’s Regulatory Action Policy which was published … Read more

Cyber Monthly Wrap-up (UK, EMEA and the US) – November 2023

Welcome to HSF's November wrap up; our top picks for cyber-related news in the UK, EMEA and US. Our short summary and commentary is aimed at giving you the awareness and insights you need, with minimum time investment. Below you will find:
  • Developments in regulatory requirements and guidance;
  • Wider cyber industry news; and
  • Particularly noteworthy (reported) cyber incidents.
Read more

Future of Consumer APAC: Confronting complexity in cybersecurity trends for the consumer sector

Cameron Whittfield and Peggy Chow discuss the latest cybersecurity trends for consumer-facing companies including external threats which may include working with third parties and complex supply chains through to the malicious targeting of companies with ransomware, current affairs and social engineering, the cryptocurrency marketplace and geopolitical factors. They emphasise the importance of internal stakeholders speaking … Read more

Article published – Lloyd v Google: the upshot for data class actions

The exponential growth in the volume of data being collected and shared, along with the ease and reduced costs of gathering, analysing, using and exploiting data, has resulted in a corresponding increase in data protection laws and regulations. Against that background, data class actions have been a growing phenomenon, driven in part by the interest of claimant law firms and litigation funders in this area. Read more

Implementation of the new EU standard contractual clauses and obligation to undertake a “TIA” – are you prepared?

The new EU standard contractual clauses (New EU SCCs) came into force on 27 September 2021 for the transfer of personal data from the EEA to third countries under the EU General Data Protection Regulation (EU 2016/679) (GDPR). The European Commission Implementing Decisions ((2001/497/EC) and (2010/87/EU)) which incorporated the previous standard contractual clauses (Old EU SCCs), were repealed on that day. Read more

Supreme Court finds claim for compensation under data protection legislation cannot proceed on “opt-out basis” in high profile Lloyd v Google case

In its judgment this morning the Supreme Court has overturned the Court of Appeal's decision in the high profile Lloyd v Google case, which would have opened the floodgates for class actions for compensation for loss of control of personal data to be brought on behalf of very large numbers of individuals without identifying class members: Lloyd v Google LLC [2021] UKSC 50. Read more