Claire Doneley reports: On 4 December 2023, the Queensland Parliament gave assent to the Information Privacy and Other Legislation Amendment Act 2023 (Qld) (Act), with privacy reforms to the Information Privacy Act 2009 (Qld) (IP Act) to commence 1 July 2025. You can read more about that here. In Queensland it has not been compulsory for agencies to notify the…
Category: Legislation
2024 Year in Review: Data Breach Litigation
Seen at Wilmer Hale: One of the main risks for a company in the event of a data breach is the threat of litigation. Data breach litigation continued to proliferate in 2024, as it has in prior years. In the past year, plaintiffs continued to seek relief following data breaches under state common-law doctrines, and…
UK data centres, hospitals, and energy companies targeted by new cybersecurity laws
Georgia Sweeting reports: The UK government has announced the full scope of its upcoming Cyber Security and Resilience Bill, which aims to strengthen the country’s digital defences and reduce the growing risks posed by cyber threats. Set to be introduced later this year, the bill will place tougher cybersecurity requirements on organisations that provide essential services,…
China Regulator Proposes Amendments to Cybersecurity Law
Hunton Andrews Kurth writes: On March 28, 2025, the Cyberspace Administration of China issued draft amendments to China’s Cybersecurity Law (“Draft Amendment”) for public comment until April 27, 2025. The Draft Amendment aims to harmonize relevant provisions of the Personal Information Protection Law (“PIPL”), Data Security Law (“DSL”) and Law of Administrative Penalties, all of…
Hong Kong passes its first cybersecurity bill covering critical infrastructure
Lo Hoi-ying reports: Hong Kong’s legislature has approved the city’s first bill targeted at cybersecurity for computer systems needed for critical infrastructure, with operators facing fines of up to HK$5 million (US$643,000) for failing to keep them up to date. The Legislative Council on Wednesday passed the Protection of Critical Infrastructure (Computer System) Bill amid…
Swiss critical sector faces new 24-hour cyberattack reporting rule
Bill Toulas reports: Switzerland’s National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery. According to the NCSC announcement, this new requirement is introduced as a response to the increasing number of cybersecurity incidents…