Support Centre
Cybersecurity
workspace-icon
Back

Cybersecurity

See all News
06 December 2022

Switzerland: NCSC becomes federal office under DDPS

The National Cyber Security Centre ('NCSC') announced, on 2 December 2022, that the Federal Council had decided, during its meeting on the same date, that the NCSC, currently a unit in the General Secretariat of the Federal Department of Finance ('FDF'), would become a new federal office located within the Federal Department of Defence, Civil Pr

Supervisory Authority, Breach Notification, Cybersecurity,
06 December 2022

Australia: OAIC investigates Medibank over data breach 

The Office of the Australian Information Commissioner ('OAIC') announced, on 1 December 2022, that it had commenced an investigation into the personal information handling practices of Medibank Limited in relation to its notifiable data breach, following preliminary inquiries commenced into the matter in October 2022.

Privacy Law Principles, Breach Notification, Cybersecurity, Incident and Breach,
06 December 2022

Australia: OAIC investigates Medlab Pathology

The Office of the Australian Information Commissioner ('OAIC') announced, on 5 December 2022, that it had commenced an investigation into the personal information handling practices of Medlab Pathology, owned by Australian Clinical Labs, in relation to its notifiable data breach.

Privacy Law Principles, Breach Notification, Cybersecurity, Incident and Breach,
05 December 2022

Mozambique: INTIC publishes draft Cybersecurity Bill

The National Institute of Information and Communication Technologies ('INTIC') published, on 22 November 2022, a draft Cybersecurity Bill. In particular, the bill aims to guarantee the security of citizens and institutions, as well as to ensure the protection of digital networks, information systems, and critical infrastructures in cyberspace.

Privacy Law Reform, Cybersecurity,
02 December 2022

International: Brazil accedes to Cybercrime Convention and six countries sign protocol on electronic evidence

The Council of Europe announced, on 1 December 2022, that Brazil had deposited the instrument of accession for the Budapest Convention on Cybercrime ('the Convention') and that six countries had signed the second additional protocol to the Convention on enhanced co-operation and disclosure of electronic evidence ('the second additional protocol'

Standards and Frameworks, Cybersecurity,
02 December 2022

China: TC260 requests comments on enterprise data protection requirements

The National Information Security Standardisation Technical Committee ('TC260') requested, on 1 December 2022, public comments on the draft Standard on Industrial Internet Enterprise Network Security Part 4: Data Protection Requirements.

Standards and Frameworks, Cybersecurity,
01 December 2022

Nigeria: NITDA issues advisory on WhatsApp data breach

The National Information Technology Development Agency ('NITDA') announced on Twitter, on 30 November 2022, an advisory on the alleged WhatsApp LLC data breach. In particular, the NITDA noted that the alleged data leakage affected 500 million WhatsApp users' mobile phone numbers globally, including over 9 million Nigerian users.

Telecommunications and Electronic Communications, Incident and Breach, Apps,
01 December 2022

Greece: Bill on protection of communications and privacy introduced in Parliament

The Ministry of Justice announced, on 29 November 2022, that the Communications Deprivation, Cyber Security and Privacy Bill had been tabled in the Greek Parliament.

Privacy Law Reform, Cybersecurity,
30 November 2022

Australia: Parliament passes Government Privacy Penalty Bill

The Australian Government announced, on 28 November 2022, that Parliament had approved the Government's Privacy Penalty Bill, namely the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022.

Privacy Law Reform, Supervisory Authority, Incident and Breach,
30 November 2022

EU: EDPS and ENISA sign MoU

The European Data Protection Supervisor ('EDPS') and the European Union Agency for Cybersecurity ('ENISA') announced, on 30 November 2022, that they had signed a Memorandum of Understanding ('MoU') which establishes a strategic cooperation framework between them.

Public Sector, Cybersecurity,
29 November 2022

Switzerland: FDPIC addresses breach of 550M WhatsApp user data

The Federal Data Protection and Information Commissioner ('FDPIC') addressed, on 25 November 2022, media reports that the personal information of approximately 550 million users of WhatsApp LLC were available for sale on the dark web.

Telecommunications and Electronic Communications, Incident and Breach, Apps,
29 November 2022

Italy: Garante fines Valle d'Aosta Local Health Authority €40,000 for security failures in relation to patients' data

The Italian data protection authority ('Garante') announced, on 28 November 2022, in its monthly newsletter, the publication of its Decision No.

Fines, Privacy Law Principles, Health and Pharmaceutical, Public Sector, Cybersecurity,
28 November 2022

EU: Council adopts DORA

The Council of the European Union announced, on 28 November 2022, the adoption of Regulation on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014 ('DORA'), thus marking the final step in the legislative process, following the

Financial Services, Cybersecurity,
28 November 2022

EU: BEUC issues recommendations for PSD2 review

The European Consumer Organisation ('BEUC') published, on 21 November 2022, its position paper with recommendations for reviewing the Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on Payment Services in the Internal Market, Amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU)

Standards and Frameworks, Financial Services, Cybersecurity,
28 November 2022

EU: Council adopts NIS2 Directive

The Council of the European Union announced, on 28 November 2022, that it had adopted the Directive on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148 ('NIS2 Directive'), following the European Parliament's

Standards and Frameworks, Cybersecurity,
28 November 2022

Singapore: PDPC fines Farrer Park Hospital SGD 58,000 for data breach

The Personal Data Protection Commission ('PDPC') published, on 18 November 2022, its decision in Case No. DP-2007-B66646, in which it imposed a fine of SGD 58,000 (approx. €40,419) on Farrer Park Hospital Pte. Ltd., for violations of Section 24 of the Personal Data Protection Act (No. 26 of 2012) ('PDPA'), following a data breach.

Fines, Health and Pharmaceutical, Incident and Breach,

Global Cybersecurity Laws

Request a jurisdiction

Global Cybersecurity Laws

       
  •         There is a requirement in place.    
    •    
  •         Click to view information for additional detail.    
    •    
  •         There is no requirement in place.    
    title
  • Governing Texts
    Implementation of a framework
  • Training and Awareness
  • Risk Assessments
  • Vendor Management
  • Accountability
    title
  • Data Security
  • Notification of Cybersecurity Incidents
  • Registration with authority
  • Appointment of a security officer
  • Sector Specific
  • Penalties
  • Argentina
  • Australia
  • Bangladesh
  • Belarus
  • Brazil
  • British Columbia
  • Canada Federal
  • Egypt
  • GLBA Safeguards Rule
  • HIPAA
  • Jordan
  • Kazakhstan
  • Kenya
  • Saudi Arabia
  • Turkey
  • Ukraine

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

NIS Directive

Request a jurisdiction

NIS Directive

  • There is a requirement in place.
  • Click to view information for additional detail.
  • There is no requirement in place.
    Governing Texts
  • Specific legislation
  • Regulatory authority guidance
    Scope of Application
  • Network and information systems
  • Critical Information Systems
  • Operator of Essential Services
  • Cloud Computing Services
  • Digital Service Providers
    Requirements
  • Security Measures
  • Notification
  • Registration
  • Security Officer
  • Other
    title
  • Penalties
  • Austria
  • Belgium

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

US State Cybersecurity Laws

Request a jurisdiction

US State Cybersecurity

  • There is a requirement in place.
  • Click to view information for additional detail.
  • There is no requirement in place.
    title
  • Governing Texts
    title
  • Scope of Application
    General Requirements
  • Cybersecurity framework
  • Notification
  • Security Officer
  • Other
    Sectoral
  • Insurance
  • Health
  • Financial
    title
  • Penalties
  • Alabama
  • California

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Company

Our Policies

Your Rights

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.