Greetings, fellow privacy professionals.
Hope you are safe and well.
There has been a lot of news in the last few weeks in the APAC region and a continued focus on application security. There is still a lot of ongoing debate on the effectiveness of COVID-19 applications from their design through to their usability. More importantly, in the rush to roll out, many of these contact-tracing apps are raising concerns on the security and privacy side. This has triggered some countries, like Singapore, to release their own contact-tracing applications that are completely offline and purely a wearable device. For those who want to dive a little deeper into how this new tag-tracing application works, you can read about it here.
Security and privacy concerns were also raised for more than 30 other applications that are under the spotlight right now, where it has been reported that “… an app on an iPhone will read sensitive data on the clipboards of other connected devices. This could include bitcoin addresses, passwords, or email messages that are temporarily stored on the clipboard of a nearby Mac or iPad. Despite running on a separate device, the iOS apps can easily read the sensitive data stored on the other machines.” Some companies, like Reddit, have already responded to the public outcry over this clipboard issue, updating their mobile app to remove this code in their upcoming update on 14 July. TikTok, included on the list of apps reportedly snooping on clipboards, and other social media apps are facing questions from the Australian government on how their companies approach Australia’s privacy laws in general.
The timing of these questions in Australia comes at a time when stronger consumer data rights kicked in 1 July. This has been an ongoing process for a few years, and the Australian Competition and Consumer Commission announced the Australian Consumer Data Right, where customers can request their bank to share their data for deposit and transaction accounts and credit and debit cards. This is more than likely also in response to the growing financial technology space to make sure companies perform their due diligence with proper data management and uphold principles like privacy by design and privacy by default.
In the event space, this year’s Asia Pacific and Japan RSA Conference 2020 will be completely virtual and run 15-17 July. Please register to listen to some great presentations from around the globe on all things security and privacy related. The theme this year is on the “Human Element” of security, and it will look at how there is often too much focus on technology when discussing cybersecurity and privacy, and how the Human Element needs to always be considered when putting together a holistic strategy when trying to safeguard employee and customer data. Also at the end of July, the Privacy Commissioner for Personal Data Hong Kong and Commissioner Stephen Kai-yi Wong will present “Working out for the new data ecosystem and legal frameworks,” which covers everything from data bombing, handling data breaches and recent developments in other regions. This will be a virtual event so please sign up soon!
Finally, for those in Hong Kong, look out for an upcoming IAPP industry event where we plan to partner with a Big 4 company to share data insights and case studies around operational privacy automation of data subject access requests and privacy impact assessments. We hope that you can join.
Stay at home, and take care of yourselves and your family!
Keep safe; keep secure.