Hello, privacy pros.
Ransomware has been an increasing challenge as governments and organizations worldwide struggle to keep systems safe. As iTnews reports, Australia's Shadow Assistant Minister for Cyber Security Tim Watts introduced a bill that would require mandatory reporting to the government's Australian Cyber Security Centre of ransoms paid by businesses with an annual turnover exceeding AUD $10 million.
This bill comes amid a variety of measures considered by industry and governments aiming to curb ransomware, including calls to criminalize the payment of ransomware demands or the prohibition of such payments as part of cyber insurance policies. The criminalization of ransomware payments and removal of cyber insurance as a means to manage ransomware risk raises significant ethical issues and limits an organization's ability to respond to what may be an existential crisis. Companies should be investing to reduce the likelihood of falling victim to ransomware attacks, many of which could be prevented simply by getting the basics right: rigorous patching of systems, increasing staff awareness of attacks such as phishing and implementing multifactor authentication.
Outside of Australia, the National Privacy Commission of the Philippines announced a bill to amend the country's privacy law to keep up with changing times. The bill includes stronger enforcement powers for the NPC and updates elements related to the collection and use of sensitive personal information by expanding its definition and permitting its collection based on a contract. Other updates in the bill include clarifications on extraterritoriality, the age at which children can provide their consent to collecting and using personal information, and permitting local data processors to handle breach notification on behalf of foreign controllers.
The U.K. and Singapore began negotiations on a digital trade agreement. The agreement is expected to include a cross-border transfer mechanism between the two countries. This would further strengthen the cross-border transfer ties between Asia and Europe, with Japan having successfully negotiated a mutual adequacy finding with the EU. South Korea is expected to receive an adequacy finding from the EU soon.
Finally, a big thank you to all of the privacy professionals who submitted proposals to speak at the IAPP ANZ Summit 2021 in Sydney, 9 to 10 Nov. Our Advisory Board was grateful for the many thoughtful submissions and is working to finalize the agenda. I'm confident we will have engaging discussions across a range of experience levels, industries and interests, and I look forward to seeing many of you there in person.
Stay safe until next time!