Cybersecurity – Cyber Law Watch

Australian Privacy Law Reform Tranche 2: The Time for Conversation is Over

Aug 26 2025

By: Cameron Abbott, Rob Pulham, and Stephanie Mayhew

Tranche 2 of the Australian Privacy Act reforms is expected soon (perhaps imminently), following comments from the new attorney general in the media that suggested the time for conversation and for lobbying is over. The attorney general noted in an interview last month on Sky News that the highly anticipated “second tranche” of Australian privacy law reform is coming, saying “Australians are sick and tired of their personal data being exploited” and “not being protected,” and that “we will not have our privacy reforms dictated by multinational tech giants.”

New EDPB Guidelines: Processing Personal Data on Blockchain

Jun 23 2025

By: Claude-Étienne Armingaud

The European Data Protection Board recently published its draft Guidelines 02/2025, which remain open to consultation until 09 June 2025. Stakeholders in the blockchain industry are encouraged to submit any observations before the finalization of these Guidelines.

Pay the Price, Now ‘Fess Up’: Reporting Obligations for Ransomware Payments Are Live

Jun 12 2025

By: Cameron Abbott, Rob Pulham, Stephanie Mayhew, Emre Cakmakcioglu

As of 29 May 2025, the requirement on businesses to report ransomware payments they make has come into effect.

A Positive Package: The Data (Use and Access) Bill

Jun 05 2025

By: Shane Hubbard, Ludovico Lugnani, and Helen Phizackerley,

Since its introduction on 23 October 2024, the Data (Use and Access) Bill (the Bill) continues to evolve as it progresses through Parliament. Reminiscent of the incomplete Data Protection and Digital Information Bill, it has been introduced by the new Labour government to “harness the power of data for economic growth, support modern digital government, and improve people’s lives.” The Bill’s core aims are to grow the economy, improve UK public services and make people’s lives easier. It has been positioned as “a positive package” that “provides greater regulatory certainty for organisations and promotes growth and innovation in the UK economy.”

Australian Privacy Law Reform – The Wait is (Almost!) Over

Sep 12 2024

By: Cameron Abbott, Stephanie Mayhew, and Rob Pulham

The long-awaited privacy reform has finally been introduced into the Australian Parliament today with the introduction of the Privacy and Other Legislation Amendment Bill 2024. Described as ‘Tranche 1’ of the reforms, the Bill introduces significant uplifts to several aspects of Australia’s privacy laws.

Australian Privacy Reform Series Refresher: What Are These Reforms?

Aug 13 2024

By Cameron Abbott, Rob Pulham, and Stephanie Mayhew

In 2023 the Attorney-General’s Department released the “Privacy Act Review Report” (Review Report), which considered whether the Australian Privacy Act 1988 (Cth) and its enforcement mechanisms are fit for purpose in an environment where Australians now live much of their lives online and their information is collected and used for a myriad of purposes in the digital economy.

AI’s Next Frontier: The New Voice of Scam Calls?

Jul 10 2024

By: Cameron Abbott, Rob Pulham, Dadar Ahmadi-Pirshahid, and Adam Asadurian

Astonishingly (…or perhaps not, for anyone who’s answered a phone call recently), “imposter calls” are the number one offender of spam calls in the United States, amounting to 33% of all phone calls according to a recent study by QR Code Generator.

New Guidance Released for Australian Listed Companies on Continuous Disclosure Obligations During a Cyber Incident

May 22 2024

By: Cameron Abbott, Andrew Gaffney, Harry Kingsley, Rob Pulham, and Stephanie Mayhew

Australia’s corporate regulator, ASIC, has released new guidance on how to comply with market disclosure requirements when a listed company is in the middle of investigating and responding to a cyber incident.

Tennessee Moves First on AI Protections With ELVIS Act

Mar 22 2024

By Jason W. Callen and Christopher J. Valente

On 21 March 2024, Tennessee became the first state in the United States to prohibit unauthorized use of artificial intelligence (AI) to replicate an individual’s likeness, image, and voice when its governor signed the Ensuring Likeness, Voice and Image Security Act of 2024 (ELVIS Act). The protections in the ELVIS Act for a person’s voice from AI misuse is particularly notable. Tennessee, like other states, already had prohibitions on unauthorized use of an individual’s likeness and image. And while some other states, such as California, have also protected a person’s voice, none had expressly linked all three—likeness, image, and voice—to AI.

“Grandma, I have [not] been kidnapped”: The FCC Bans AI-Generated Robocalls

Feb 12 2024

By Andrew Glass, Gregory Blase, and Joshua Durham

Effective immediately, the Federal Communications Commission (FCC) banned AI-generated phone calls with its recent Declaratory Ruling (the Ruling). Known as audio or voice “deepfakes,” AI can be trained to mimic any person’s voice, resulting in novel scams such as grandparents receiving a call from their “grandchild” and believing they have been kidnapped or need money for bail. FCC Commissioner Starks deemed such deepfakes a threat to election integrity, recalling that just recently, “potential primary voters in New Hampshire received a call, purportedly from President Biden, telling them to stay home and ‘save your vote’ by skipping the state’s primary.”

Tag:Cybersecurity