Insight on how cyber risk is being mitigated and managed across the globe.
By: Dr. Thomas Nietsch and Andreas Müller
On 31 July 2024 the Higher Regional Court of Koblenz (Oberlandesgericht Koblenz) has rejected an appeal to a verdict of the Regional Court of Koblenz (Landgericht Koblenz) for deletion of an interview published on YouTube, due to lacking a prospect of success (case number 4 U 238/23).
Read MoreBy: Cameron Abbott, Rob Pulham, and Lauren Hrysomallis
There appears to be a further delay to the long-anticipated privacy law reform legislation, most recently expected to be unveiled this month. But even with this delay the wait won’t be long; we could see a draft bill introduced in as little as three weeks’ time.
Read MoreBy: Aiko Yamada and Yuki Sako
On 31 July 2024, the Agency for Cultural Affairs, Government of Japan (the Agency) published “Checklist and Guidance related to AI and Copyrights” (the Checklist), suggesting some ideas to resolve unsettled issues related to “Do inputs to AI infringe copyrights?” (see our previous blog “Japanese Government Identified Issues Related to AI and Copyrights”) for AI developers as described below:
Read MoreBy: Cameron Abbott and Rob Pulham
In their recent article available here, Joseph Wylie, Kenn Brotman, and J. Morgan Dixon from our Chicago office discuss what changes to privacy law in Illinois will mean for company’s collecting or sharing individual’s biometric data.
In November 2020, accounting and consulting firm Nexia Australia (Nexia) was alerted to a “REvil” ransomware attack taking place within its system. The attackers threatened to post personal information of Nexia’s clients, customers and staff online unless it paid a $1m ransom within 72 hours.
It was reported that the hackers appeared to have posted Nexia’s confidential files onto the dark web; however, further investigation revealed that the hackers had merely posted screenshots of Nexia’s files. Realising this, Nexia dismissed the threat and refused to pay the ransom.
But it didn’t end there.
Shortly after the attack, a news service found the Nexia file screenshots on the dark web and publicised that the company’s confidential information had been stolen and shared. Not only did Nexia have to reassure panicking clients that their confidential information remained uncompromised, it had to convince the Australian Securities and Investments Commission, the Australian Federal Police and the Privacy Commissioner that nothing of concern had been taken.
It doesn’t help that ransomware-as-a-service is becoming an increasingly lucrative business for cybercriminals to launch this type of attack. All that is needed is off-the-shelf malware, a wallet of cryptocurrency and it’s ready to deploy against an unsuspecting organisation.
The attack on Nexia demonstrates that even if there is no evidence that confidential information has been leaked, organisations can still suffer significant damage. The cost of reassuring stakeholders and mitigating reputational harm can almost match the consequences of a full blown attack.
As Warren Buffet famously quoted, “It takes 20 years to build a reputation and 5 minutes to ruin it”. While Nexia recovered valiantly, this serves as a lesson that even when unsuccessful, the public ramifications of a ransomware attack are not to be underestimated.
By Cameron Abbott, Rob Pulham, and Stephanie Mayhew
In 2023 the Attorney-General’s Department released the “Privacy Act Review Report” (Review Report), which considered whether the Australian Privacy Act 1988 (Cth) and its enforcement mechanisms are fit for purpose in an environment where Australians now live much of their lives online and their information is collected and used for a myriad of purposes in the digital economy.
Read MoreBy Cameron Abbott, Rob Pulham, Stephanie Mayhew, Dadar Ahmadi-Pirshahid and Lauren Hrysomallis
A new Cyber Security Act is set to be unveiled in Parliament’s next sitting from 12 August, as reported by the ABC. The proposed Act would require Australian businesses and government bodies to disclose when they make a ransom payment to cybercriminals in the event of a hack, or face penalties of up to AU$15,000 for failing to notify.
Read MoreBy Paul R. Haswell and Cameron Abbott
As much as artificial intelligence (AI) remains a hot topic to companies and individuals alike, there remains limited detailed regulation in place. The European Union published its Artificial Intelligence Act on 12 July 2024, but other jurisdictions have been slow or piecemeal in its regulation of AI.
Read MoreBy Cameron Abbott and Rob Pulham
In their recent article available here, Katie Staba and Corey Bieber from our Chicago office discuss emerging advertising technology issues, including new applications of the California Invasion of Privacy Act and the Video Privacy Protection Act.
By Cameron Abbott, Rob Pulham, Damien Timms, Dadar Ahmadi-Pirshahid and Adam Asadurian
Some key compliance dates approach for responsible entities of critical infrastructure assets under the Security of Critical Infrastructure Act (SOCI Act).
Read MoreCopyright © 2025, K&L Gates LLP. All Rights Reserved.