Greetings, fellow privacy professionals.
I hope you are safe and well.
Lots happening in the region since my last blog post, and let’s start with the regional updates from the Privacy Commissioner’s office. Commissioner Ada Chung has officially started as the new privacy commissioner for personal data in Hong Kong. Since taking office only a few weeks ago, the PCPD has already been actively working and released its updated “Guidance on Collection and Use of Biometric Data.” Similarly, the Singapore Personal Data Protection Commission also released a new guide, specifically focusing on managing data intermediaries under the obligations of the PDPA, and key considerations for organizations when outsourcing data-processing activities. The guide will look into the different aspects of governance and risk management, policies and practices, service management and exit management. The Australian Office of the Information Commissioner also released a useful infographic showing the “Australian Community Attitudes to Privacy” in a survey that found 85% of Australians have a clear understanding of why they should protect their personal information, but 49% of respondents say they don’t know how to do this.
In regional APAC security news, the University of Tasmania faced a breach impacting around 20,000 students but ruled out external attackers, attributing it this time to internal issues and stating "security settings on shared files were unintentionally configured incorrectly, which made the information visible and accessible to unauthorised users." Similarly, internal misconfiguration may have also caused an “exposed Elasticsearch instance” at an online maths resource with a large Australian user base. On the other side of the coin, Service NSW revealed 738 gigabytes of customer data were stolen during an email breach, indicating it was a “criminal attack.” While we will continue to see both internal and external attacks taking place, with some more advanced and obscure, like hacking into a casino through its connected fish tank thermometer, companies must not forget the more traditional methods of attack either — confidential information left in printers.
Plain and simple, paper in many industries is still a core way of doing business, and especially in the health care industry, paper won’t be fully replaced anytime soon due to the need for paper reports, prescriptions, test results and so on. A recent report by Quocirca found 60% of organizations surveyed had experienced at least one data breach due to unsecured printing.
Finally, I wanted to bring your attention to an upcoming Hong Kong Virtual KnowledgeNet that we are co-hosting with Deloitte, “Data Insight: The importance of knowing your data and its flow.” Space is limited so please register early, and the Zoom link details will be shared a few days prior to the event. Without spoiling too much, we will talk about data governance, and Deloitte will share some case studies from their experience. We will also have a panel to discuss data subject access rights and to what extent this can be automated. I look forward to seeing you online 8 Oct.
That’s all for now folks so take care, and stay home and stay safe!
Keep safe; keep secure.