Welcome to the February edition of our Data And Cyber Bulletin, which has an international flavour as we consider issues across in Europe, Asia-Pacific and the United States.
Firstly, we look at the world of artificial intelligence, by exploring first-hand the risks associated with the ChatGPT AI language model.
In Europe, we review changes to the French Insurance Code, which will create changes in reporting requirements following a cyber-attack. We also look at the recent call for evidence by the UK Government on software and digital supply chain resilience.
We review developments in the Asia-Pacific region, including the introduction of data protection legislation in Indonesia, and judicial guidance in Singapore on ‘emotional distress’ as loss or damage.
Finally, we have produced an article with our Legalign partners, Wilson Elser, on recent efforts in the US to obtain Supreme Court guidance on the issue of privilege involving ‘dual purpose’ communications such as forensic reports.
The ethics of AI: Cyber Risks and Chat GPT
We analyse the perils associated with AI language models by reviewing the capabilities of ChatGPT and considering whether there are deficiencies in the model which could generate cyber risks.
Cyber-attacks, insurance cover, and the French Insurance Code: a new reporting requirement
We assess changes to the French Insurance Code, which from April will increase the reporting requirements on victims of cyber-attacks, as well as giving insurers a new regime to grapple with.
Indonesia passes new legislation on Personal Data Protection
We review new legislation introduced in Indonesia responding to periods of concern in respect of repetitive data breaches. Ushering in a new era for data protection practices in Indonesia, it is hoped that the Personal Data Protection Law will act a handbrake against the levels of criminal activity recently seen in local data breach occurrences.
Singapore: Court of Appeal rules on ‘Emotional Distress’ as loss or damage
We consider a recent decision in the Court of Appeal in Singapore holding that “Emotional Distress” should constitute a form of loss or damage under Section 32(1) of the Personal Data Protection Act. The decision provides useful clarification - in that emotional distress is an actionable head, whereas a simple loss of control is not – and serves as a cautionary warning to all organisations engaged in collecting or processing of personal data.
Software next on the agenda for UK cyber resilience
We assess the recent call for evidence issued by the Department for Digital, Culture, Media and Sport aimed at all organisations with an interest in software and digital supply chains. This call for evidence is consistent with other developments around cyber resilience in the UK, such as the overarching UK Digital Strategy, the Product Security and Telecommunications Infrastructure Act and proposed changes to the NIS regulations.
US Supreme Court ruling leaves uncertainty around legal privilege for forensic reports
We look at the recent decision of the US Supreme Court in declining to consider the issue of ‘dual purpose’ communications in the context of privilege and the impact on practitioners involved in US matters.
We hope you enjoy this month’s edition. Please do contact this month's authors if you have any questions.
