Dear, privacy professionals.
What a fruitful few days it has been! For the record-breaking 450-plus delegates who joined us at the Asia Privacy Forum 2019, I trust that your head is full of new knowledge and ideas with many valuable new professional connections.
During their keynotes, both Commissioner Tan Kiat How from the Personal Data Protection Commission of Singapore and Privacy Commissioner for Data Protection for Hong Kong Stephen Kai-yi Wong spoke about the subtle shift from compliance to accountability. This was certainly a recurring theme throughout the conference, ranging from privacy governance to certification of privacy operations under the new ISO/IEC 27701.
In terms of jurisdictional focus, potential data localization concerns arising from the recent draft security assessment measures from China and the draft Personal Data Protection Bill from India seem to be top of mind at this point in time.
The Singapore PDPC held its annual Personal Data Protection Seminar and will also hold a series of workshops and closed-door meetings with representatives from other data protection authorities and industry partners.
Many of the announcements made by the PDPC during the seminar were related to the renewed focus on accountability. These include:
- The release of a new DPO Competency Framework and Training Roadmap that aims to help privacy professionals better understand the skill sets required at various stages of the career path and identify potential training gaps. For organizations, the framework should assist to ensure that staff within the data protection functions are properly equipped to lead the organization in implementing accountability while harnessing the value of data innovation.
- The appointment of the Infocomm Media Development Authority as the accountability agent for the implementation of the APEC Cross Border Privacy Rules and Privacy Recognition for Processors systems within Singapore. The IMDA is also the body responsible for certifying companies under the Data Protection Trustmark initiative. With the appointment of the IMDA as accountability agent, Singapore becomes the third economy after the U.S. and Japan to fully operationalize the accountability-based regime for cross border transfers of data under the APEC CBPR system.
The PDPC also issued a new guide on accountability and announced that the current “openness” obligation in the Singapore Personal Data Protection Act will be updated to the “accountability” obligation in the PDPC’s advisory guidelines. The accountability approach also informs the PDPC’s active enforcement framework, under which companies may provide an undertaking to shortcut an investigation or admit to liability upfront for an expedited breach decision.
The Public Sector Data Security Review Committee that was convened after a series of high-profile data breaches has released interim findings highlighting that public-sector agencies appear to be lacking in policies governing third-party handling of data and have inconsistent practices in managing data access.
The committee has recommended that the entire public sector should conform to a common framework for safeguarding personal data and, in particular, adopt 13 technical measures that would have prevented or minimized the loss of data in some of the security incidents that led to the setting up of the committee. For example, government agencies would be required to tokenize or encrypt data, adopt data loss prevention tools, and put in place time and volume limits on data access.
These are arguably measures that would be expected of any private-sector organization holding a significant amount of personal data. Given that government authorities are likely to process personal data that are more sensitive in nature, it will be interesting to see what additional findings the committee will make in its final report to be submitted to the government by 30 Nov.
With that thought, I wish you happy reading and a wonderful weekend ahead. For those of you who traveled to Singapore for the Asia Privacy Forum, have a pleasant journey home, and see you next year!
If you want to comment on this post, you need to login.