Future of Consumer APAC: Confronting complexity in cybersecurity trends for the consumer sector

    Cameron Whittfield and Peggy Chow discuss the latest cybersecurity trends for consumer-facing companies including external threats which may include working with third parties and complex supply chains through to the malicious targeting of companies with ransomware, current affairs and social engineering, the cryptocurrency marketplace and geopolitical factors. They emphasise the importance of internal stakeholders speaking … Read more

    US Congress enacts significant new law mandating cyber incident and ransomware reporting on businesses

    On March 15, 2022, US President Joe Biden signed the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA or the Act) into law.  Under its provisions, a broad range of private and public-sector entities operating in “critical infrastructure” sectors will for the first time have mandatory reporting obligations in connection with “cyber incidents” and ransomware attacks.  Specifically, “covered entities” are required to report certain “substantial” cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of the event, and to report ransomware payments within 24 hours of payment. Read more

    Article published – Lloyd v Google: the upshot for data class actions

    The exponential growth in the volume of data being collected and shared, along with the ease and reduced costs of gathering, analysing, using and exploiting data, has resulted in a corresponding increase in data protection laws and regulations. Against that background, data class actions have been a growing phenomenon, driven in part by the interest of claimant law firms and litigation funders in this area. Read more

    Hong Kong, can you handle this? The HKMA proposes new standards for operational resilience

    Following the HKMA’s 21 April 2021 circular highlighting the additional guidance issued by the BCBS on 31 March 2021, namely the Principles for Operational Resilience and the Revised Principles for Sound Management of Operational Risk, the HKMA launched a consultation on 22 December 2021 on a new proposed Supervisory Policy Manual module OR-2 (Operational Resilience) and proposed amendments to existing SPM modules TM-G-2 (Business Continuity Planning) and OR-1 (Operational Risk Management) in order to align with the BCBS’s operational resilience guidance. Read more

    Implementation of the new EU standard contractual clauses and obligation to undertake a “TIA” – are you prepared?

    The new EU standard contractual clauses (New EU SCCs) came into force on 27 September 2021 for the transfer of personal data from the EEA to third countries under the EU General Data Protection Regulation (EU 2016/679) (GDPR). The European Commission Implementing Decisions ((2001/497/EC) and (2010/87/EU)) which incorporated the previous standard contractual clauses (Old EU SCCs), were repealed on that day. Read more

    Supreme Court finds claim for compensation under data protection legislation cannot proceed on “opt-out basis” in high profile Lloyd v Google case

    In its judgment this morning the Supreme Court has overturned the Court of Appeal's decision in the high profile Lloyd v Google case, which would have opened the floodgates for class actions for compensation for loss of control of personal data to be brought on behalf of very large numbers of individuals without identifying class members: Lloyd v Google LLC [2021] UKSC 50. Read more

    British Airways data class action settles

    Following a stay of proceedings to pursue ADR, a number of the claims being pursued as part of the Group Litigation known as the British Airways Data Event Group Litigation (the “BA GLO”) have now been settled. We last updated on the procedural developments in this case in February 2021, when a ruling was given … Read more