On 28 October 2025, China passed amendments to the Cybersecurity Law, marking the first update since its enactment in 2016. These amendments reflect China’s heightened focus on cybersecurity and AI governance and are scheduled to take effect on 1 January 2026.
Key Updates
The amendments primarily focus on the law’s enforcement provisions. Key updates include:
Continue Reading CHINA: Amendments to Cybersecurity Law Effective 1 January 2026
The Threat
Malware usage by adversaries has reportedly declined. Partly due to sophisticated detection methods commonly deployed by medium to large organisations.
Conversely, insider threats (cybersecurity risks originating from within an organisation) are increasing, posing complex and costly challenges for businesses. CrowdStrike’s 2025 Global Threat Report indicates that insider threat operations accounted for 40% of
Continue Reading Insider Threat: Client Considerations and Justifications
Australian Clinical Labs (ACL) has been ordered to pay AUD5.8 million for breach of the Privacy Act 1988 (Cth) (Privacy Act) following a 2022 cyber incident which impacted the personal information of over 223,000 individuals. This is the first ever civil penalty proceeding under the Privacy Act.
ACL was held to
Continue Reading Australian Clinical Labs ordered to pay AUD5.8 million following cyber incident
Visible cyber fallout is everywhere. Impact to business operations (and therefore revenue) including halted production lines, emptied supermarket shelves, online payment unavailability, and patient backlogs have all brought cyber into the media and the boardroom at an alarming rate in the last year. Last week, the NCSC’s Annual Review 2025[1] showed impact climbing fast
Continue Reading UK: It’s time to act – the UK National Cyber Security Centre’s wake-up call for business leaders
Three years after its investigation commenced, the Office of the Australian Information Commissioner (OAIC) has found that retail giant Kmart Australia Limited (Kmart) breached the Privacy Act 1988 (Cth) (Privacy Act) through its use of facial recognition technology (FRT) in 28 retail stores between June 2020 and
Continue Reading Australia: Facial Recognition Technology Continues to Breach Australian Privacy Act
The Cyberspace Administration of China (“CAC“) has recently published the Administrative Measures for Network Security Incident Reporting (“Measures“), which provide further guidance on when and how to report network security incidents under existing laws such as the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law. The Measures
Continue Reading CHINA: new stricter and 4-hour data breach reporting requirements for certain incidents
What is data scraping?
Data scraping is an automated process through which computer programs extract vast amounts of data from the internet at a faster rate than manual data collection methods.
Some businesses scrape data for internal purposes, such as generating leads, or to create products and services available for public use, such as price
Continue Reading Australia: Scraping the barrel – when data scraping breaches the Privacy Act
The EU General Court has dismissed a French MEP’s challenge to the EU-U.S. Data Privacy Framework (“DPF”) for the transfer of personal data between the European Union (“EU”) and the United States (“U.S”). While the decision is welcome news to organisations relying on the DPF for transfers underpinning their
Continue Reading EU-U.S. Data Privacy Framework Survives First Challenge
Since the full enforcement of Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) in June 2022, the Personal Data Protection Committee (“PDPC”) has moved decisively from awareness-building to active enforcement. The transition emerged in 2024 when a leading e-commerce company was fined THB 7 million for breaching the law.
In
Continue Reading Thailand: PDPA Crackdown 2025: Are You Next? – Major Fines and Lessons from Thailand’s Latest Enforcement
