Insight on how cyber risk is being mitigated and managed across the globe.
By: Sarah Pearce and Veronica Muratori
One of the more practically significant outcomes of the European Data Protection Board (EDPB)’s June 2026 plenary session, was the adoption of a common template for personal data breach notifications under the GDPR.
Read MoreBy: Cameron Abbott, Daniel Knight, Rob Pulham, Alex Parker, Madison Jeffreys, Emre Cakmakcioglu and Annaliese Filippis
In a key decision against an Australian financial services licence (AFSL) holder, the Federal Court of Australia has ordered the AFSL holder to pay AU$2.5 million in penalties for inadequate cybersecurity measures. The Australian Securities and Investments Commission (ASIC) took action following a cyberattack on the AFSL holder’s IT systems, resulting in approximately 385GB of data being downloaded from its servers.
Read MoreBy: Dr. Thomas Nietsch and Noirin M. McFadden
The UK’s data protection regulator, the Information Commissioner’s Office (ICO) has published guidance for charities to use the new charitable purposes soft opt-in for electronic marketing.
Read MoreBy: Nicole H. Buckley and Whitney E. McCollum
Washington State Governor Bob Ferguson recently signed House Bill 2225 (the Chatbot Disclosure Act) into law, effective 1 January 2027. The Chatbot Disclosure Act requires people and entities who operate AI “companion” chatbots to provide clear and ongoing disclosure to Washington consumers that they are interacting with an automated system and not a human being.
Read MoreBy: Cameron Abbott and Rob Pulham
The Administrative Review Tribunal of Australia (Tribunal) has partially overturned the findings of the Privacy Commissioner on Bunnings’ use of facial recognition technology (FRT) in its stores.
Read MoreBy Cameron Abbott, Damien Timms and Maryam Ahmed (Graduate, Melbourne)
The NSW Government has announced legislative reforms that will enhance the surveillance powers of investigative agencies including NSW’s Independent Commission Against Corruption (ICAC).
Read MoreBy: Rob Pulham, Cameron Abbott, and Annaliese Filippis (Graduate, Melbourne)
The Office of the Australian Information Commissioner (OAIC), Australia’s privacy regulator, is conducting its first ever privacy compliance sweep, as of this January. The compliance sweep will include a review of the privacy policies of businesses that collect information in person.
Read MoreBy Cameron Abbott, Rob Pulham and Stephanie Mayhew
The Federal Court has ordered Australian Clinical Labs (ACL) to pay AU$5.8 million in civil penalties following a 2022 data breach involving its then-newly acquired Medlab Pathology business. The breach affected over 223,000 individuals whose data was accessed and infiltrated by malicious actors and is one of Australia’s most significant healthcare cyber incidents.
Read MoreBy: Rob Pulham, Cameron Abbott, and Maryam Ahmed
Not to be outdone by its regional peers, New Zealand updated its privacy laws with the passing of the Privacy Amendment Act 2025 (the Act) last month: see the NZ Privacy Commissioner’s media release here.
Read MoreBy: Cameron Abbott, Rob Pulham, and Stephanie Mayhew
This week the Australian Government released its Final Report on the Age Assurance Technology Trial. Its findings will underpin the coming into effect of new rules to implement the social media minimum age limit laws, required to be in place by December 10.
Read MoreCopyright © 2026, K&L Gates LLP. All Rights Reserved.