Greetings, fellow privacy professionals.
Hong Kong FinTech Week just wrapped up, and it was a great success. Privacy Commissioner Stephen Wong and I participated in the Tencent Finance Academy’s panel discussion on big data ethics and artificial intelligence. It was a lively discussion in front of 250 attendees, and we were able to share thoughts from many different angles.
In regional news, China has requested internet companies tighten data privacy, and the strict trend seems to continue. “Without consumer consent, member organizations should not collect, use or provide personal consumer information to third parties,” China’s National Internet Finance Association said in a statement earlier this month. This is a hot topic right now in the region, with the revised China’s Cybersecurity Multi-level Protection Scheme going into effect 1 Dec.
This is a good segue to remind you about the upcoming China Cybersecurity Law Compliance Conference sponsored by the IAPP and Privacy Commissioner for Personal Data 11 Dec. I am moderating the event, and there are limited seats left, so please register here.
Cybersecurity best practices are always a combination of people, process and technology. I am sure the Australian government spends generously on technology, IT and security, but the people and process part are always the challenges for companies large and small — and as you can see from the issues they recently faced, the government is no exception. It is important that all organizations have an incident response “playbook” and that companies should perform routine exercises to make sure the key stakeholders are aware of the risks and at what time these books will come into play.
It is unclear what the full story is, but in all fairness, no organization is perfect at incident response and remediation. Reviewing the playbook on a routine basis can ensure the key players are more familiar with the process that could help reduce the downtime during unfortunate cases like this in the future. In this case, “it took eight days to remove the bad guys from the parliamentary network, according to evidence given to the Senate Finance and Public Administration.” Poor cybersecurity processes lead to easier entry points for attackers, which result in potential data privacy breaches.
Many of you who I have had the privilege of meeting at the Hong Kong KnowledgeNet events and other events have asked how to learn more about best practices, and I have referred them to the Certified Information Privacy Technologist certification. The CIPT is a great way for privacy professionals to learn about data privacy like the above cases and useful for those who want to bridge the security and privacy field but not get too technical into the cybersecurity front.
Finally, I hope to see you at the upcoming CISO Executive Roundtables. I am participating on the IAPP supported “The Future of Data Protection: Adapting to the Privacy Imperative” panel 28 Nov.
Look forward to sharing more developments in this space in the next IAPP Digest!
If you want to comment on this post, you need to login.