Category: Legislation

Dan Cooper, Benjamin Haley, Deon Govender, Ahmed Mokdad, and Mosa Mkhize of Covington and Burling write: On April 7, 2025, South Africa’s Information Regulator announced a new requirement for organizations to report data breaches—referred to under local law as “security compromises”—via an online eServices Portal. The announcement marks a significant procedural shift in how companies must comply with…

Claire Doneley reports: On 4 December 2023, the Queensland Parliament gave assent to the Information Privacy and Other Legislation Amendment Act 2023 (Qld) (Act), with privacy reforms to the Information Privacy Act 2009 (Qld) (IP Act) to commence 1 July 2025. You can read more about that here. In Queensland it has not been compulsory for agencies to notify the…

Georgia Sweeting reports: The UK government has announced the full scope of its upcoming Cyber Security and Resilience Bill, which aims to strengthen the country’s digital defences and reduce the growing risks posed by cyber threats.  Set to be introduced later this year, the bill will place tougher cybersecurity requirements on organisations that provide essential services,…

Hunton Andrews Kurth writes: On March 28, 2025, the Cyberspace Administration of China issued draft amendments to China’s Cybersecurity Law (“Draft Amendment”) for public comment until April 27, 2025. The Draft Amendment aims to harmonize relevant provisions of the Personal Information Protection Law (“PIPL”), Data Security Law (“DSL”) and Law of Administrative Penalties, all of…

Lo Hoi-ying reports: Hong Kong’s legislature has approved the city’s first bill targeted at cybersecurity for computer systems needed for critical infrastructure, with operators facing fines of up to HK$5 million (US$643,000) for failing to keep them up to date. The Legislative Council on Wednesday passed the Protection of Critical Infrastructure (Computer System) Bill amid…