On 10 March 2022, the Information Commissioner’s Office (ICO) issued a monetary penalty notice to a professional services firm (the Firm) to the tune of £98,000 for a breach of Article 5(1)(f) of the General Data Protection Regulation (GDPR). The Firm was the victim of a ransomware attack which it first became aware of on … Continue Reading
In response to the growing use of artificial intelligence (AI) by banks, the Hong Kong Monetary Authority (HKMA) has provided guidance to the banking industry on the use of AI applications. These are high level principles (set out briefly below) which banks are expected to take into account when designing and adopting their AI and … Continue Reading
The Securities and Futures Commission (the SFC) has issued a circular (the Circular) to licensed corporations (LCs) on the use of external electronic data storage providers[1] (EDSPs) and updated the frequently asked questions on the premises for business and record keeping in light of the Circular. In addition to setting out the SFC’s expectations for … Continue Reading
It has been 3 months since Australia’s Notifiable Data Breach Scheme (NDB Scheme)[1] came into force and, already, the Office of the Australian Information Commissioner (OAIC) is receiving many notifications of cyber-attacks and other data breaches – both voluntarily and under the NDB Scheme. We will see even greater awareness of cybersecurity and data protection … Continue Reading
