TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | Meet the IAPP Asia managing director, Rona Morgan Related reading: Data privacy requests metrics: Lessons for your privacy program





IAPP’s first-ever managing director for Asia, Rona Morgan, began her journey to this position in an unorthodox way.

As a child, she liked the idea of “counting and handling the cash,” she said.

Her youthful affection for saving funds and curating a money box collection blossomed into a career as a generalist banker, which in turn led to a role in planning and strategy.

“This was where I found my element,” Morgan said. “I loved brainstorming strategy and potentially influencing the future.” Her work with HSBC brought her around the globe, fulfilling a dream that was also childhood-borne. “My uncle, a sailor, was posted to Singapore when I was very young, and we were sent exotic gifts from the Far East. I always dreamed of what it would be like,” she said.

It was professional apathy in London that eventually inspired her to look for positions abroad. “I was fortunate that HSBC was in the throes of merging the U.K. Midland Bank with the Hong Kong and Shanghai Banking Corporation and there were opportunities for secondments,” she said. It meant taking positions in Brunei, Hong Kong, Singapore, and eventually Australia, with ANZ. “And now, I am almost fluent in Australian!” she joked.

As Morgan’s home-base changed, so did her career focus, from strategy to risk management. “Much like privacy now, risk management as a profession was nascent and growing,” she said. “I saw how quantifying risk could influence the amount of risk taken and the strategic direction for our business.” The next notch on her resume came from developing risk-appetite frameworks for two banks, an achievement she described as casually as if she had made a sandwich. “I found it very stimulating to be able to engage with the board on defining risk appetite and debating how much risk the bank should take,” she said.

It was when Morgan retired from banking and was working as a health coach – an endeavor she called “my passion” – that she stumbled upon the IAPP.

“I first heard about [the organization] about two years ago, while attending a Singapore Personal Data Protection Commission training session for DPOs following the implementation of the Singapore PDPA,” she said.

And the rest was history.

“I found this role attractive because it seemed to be such a good fit for me and the culmination of many things I’ve done in the past that brought me to this point.”

She highlights her work with the Hong Kong privacy commissioner, leading a young executives’ organization, and achieving regulatory approval for HSBC’s new capital rules implementation as a few of the many things that prepared her for the job. “I feel my background in finance, business, regulation and risk management are also good grounding for privacy and for a managing director role,” she added.

But all those things are in the past, and Morgan is interested in looking ahead. There’s work to be done in the Asia-Pacific region for privacy professionals, work that begins with the area’s most pressing challenges, she said.

“One of the key issues I see in this region is trans-border data flows, coupled with the complexity of a potential plethora of diverse regulations,” she continued. “In addition, trade flows mean that many Asia-based and multi-national corporations will need to contend with EU and U.S. regulations as well.”

The good news is, as more countries in the region adopt privacy regulations as they have,“more will start to take privacy more seriously,” Morgan said. “I see this as positive for our profession and I am sure we will see increased demand for our training and certification.”

This upswing in privacy awareness makes setting goals easy.

“I hope see the growth of Knowledge Net chapters across the region, to support and engage the APAC privacy community,” she said. “Naturally, along with that, I’d love see our membership numbers growing strongly.”

The regulatory growth is a double-edged sword, she added. While some countries are adopting rules, a universal, international standard has yet to develop across the region. “This presents opportunities and challenges, both for IAPP and for privacy professionals in the region,” she said.



If you want to comment on this post, you need to login.