By Susan Ning, Wu Han, Li Huihui, Zhang Lejian. King & Wood Mallesons’ Commercial & Regulatory group

Over two months have passed since the Cyber Security Law of the People’s Republic of China (Cyber Security Law), a fundamental law in cyber security, took effect. This short period has seen numerous changes: in legislation, implementing regulations dealing with “personal information protection”, “security assessment of cross-border transfer of personal information and important data” and “protection of critical information infrastructure (CII)” are under formulation; in law enforcement, regulatory authorities are making resolute efforts to implement the Cyber Security Law, with specialized law enforcement campaigns in various places. Meanwhile, conflicts have arisen among network operators in relation to, among other things, ownership of personal information and data owners. All sectors of society are focusing on developments in the regulations associated with the Cyber Security Law and in law enforcement.
Continue Reading Several “Must-knows” after the Cyber Security Law Took Effect

By Susan Ning, Han Wu, Yangdi Zhao, Yuanshan Li. King & Wood Mallesons’ Commercial & Regulatory group

Frequent Cybersecurity Incidents

Recently, ransomware has been rampant in global cyberspace. Data leakage and network breakdowns resulting from these viruses cause severe financial losses to network operators and present a significant challenge to global cyberspace safety. In May, the WannaCry ransomware attacked over 150 countries, including the UK and Ukraine, and users in China were also affected.[1] While the world is still in the shadow of WannaCry, a new ransomware, which is regarded as a variant of the Petya virus, has already spread across the world. The new ransomware has attacked the UK, Ukraine, Russia, Denmark and other countries.[2]

Continue Reading Petya attack calls for an emergency plan

By Susan Ning, Yang Nan King & Wood Mallesons’ Commercial & Regulatory group.

“Invisible Waybills”: An Innovation to Better Protect Personal Information

A recent news article about the debut of “invisible waybills” by S.F. Express (a major delivery services company in China) [1] has attracted public attention.  S.F. Express has introduced an “end-to-end entire process information security solution” which protects its customers’ personal information.

First, the customer’s name, phone number, address and other personal information is encrypted and hidden or encoded on waybills.

Second, the customer’s personal information is not disclosed throughout the process so the firm’s departments and employees, such as couriers and customer service staff, will no longer access such information.
Continue Reading Putting an “Invisibility Cloak” over Personal Information —— A discussion on “invisible waybills” introduced by express industry

By Michael Swinson and James Patto. King & Wood Mallesons’ Melbourne office.

Earlier this year, after several frustrated efforts, Australia finally passed new mandatory data breach notification laws in the form of the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) (which will come into effect on or before 22 February 2018).

While much has already been written about the Act, there is still a degree of uncertainty as to how the new regime may play out in practice. In this article, we aim to guide readers through the practical application of the laws by reference to a number of hypothetical fact scenarios and, in the course of doing so, provide some practical compliance tips.
Continue Reading Confessing your data breach sins

By Joshua Fisher and Michael Swinson. King & Wood Mallesons’ Melbourne office.

The “internet of things” or “IoT” may be the defining technology buzzword of our age. Certainly just about every technologist is busy explaining how the IoT will revolutionise the ways in which businesses work and societies function.

Yet, as IoT systems and devices proliferate, so do the security implications. While many benefits of the IoT can only be realised by expanding the ecosystem of interconnected IoT devices, this can also be one of its greatest flaws; networks are only as secure as their weakest link.

Many readers will already be familiar with some of the more famous examples of IoT vulnerability, such as the demonstration at the 2015 Black Hat of taking control (remotely) of a Jeep Cherokee travelling at over 110kph or the recent incident when IoT-connected CCTV video cameras and DVR players were used to facilitate one of the largest internet denial of service attacks in history. However, despite the high level of awareness of these security issues, industry is yet to take a coordinated approach to dealing with these matters.
Continue Reading Who’s afraid of the IoT? IoTAA Security Guideline

By Suman Reddy. King & Wood Mallesons’ Sydney office.

Ahead of the upcoming Digital Health Show to be held in Melbourne on 29 & 30 March, we thought it would be an opportune time to examine the current state of play in Australia with respect to digital health records management.

In this article we discuss the My Health Record system and provide some observations about the challenges and opportunities facing this important healthcare initiative.
Continue Reading My Health Record: the resuscitation of e-health, or a data placebo?

By Travis Toemoe, Peter Yeldham and Alexa Milosevic. King & Wood Mallesons’ Sydney office

Defining what is and what isn’t “tangible property” should be easy. Right? There are a plethora of accepted definitions about tangible property being something that can be touched, perceived or held. Take, for example, flipping a coin. The outcome is binary, that is, something is either tangible or it isn’t. But if your business is heavily invested in protecting its data, you might want to flip the coin again.

It is not uncommon for insurance policies to stipulate that the insurer will pay damages arising from “property damage”, or provide a sub-limit on recovery for damage to property. Property damage usually refers to some form of physical damage to, or loss of, or destruction of “tangible property”. As ever, the law in this area has been slow to keep up with advances in technology. Whether data or electronic information can be considered “tangible property” (and therefore insured property) poses an important question for insurers and policyholders alike. Put simply, is your data insured or not?
Continue Reading Touch the edge – is data “tangible property” for the purpose of your insurance policy