Greetings, fellow privacy professionals.
With COVID-19 case counts dropping in Hong Kong, certain businesses are now being allowed to reopen — more people per table at restaurants and extended operating times into the evening for the bulk of the eateries. However, this relaxing of lockdown rules has additional requirements for individuals and the reopened businesses’ cooperation.
Personal privacy has been a major topic this week. The Hong Kong Privacy Commissioner for Personal Data’s office released a statement addressing the “LeaveHomeSafe” mobile application. The public has voiced concerns about this, particularly whether authorities can access data to the point where locals are circumventing the requirements and opting to physically write their details (often fake details) on paper. Citing the rise in fake or fraudulent apps, some reportedly use burner phones that are not tied to their personal data.
As these new requirements kicked in just last week, my feeling is that it will take more PR work to gain the trust of the public to help with greater adoption of the contact-tracing app.
In other regional APAC news, one of the biggest telecommunications companies in the region was involved with a data breach. Information on 129,000 Singtel customers was stolen as part of a third-party hack. Supply chain attacks are becoming more common where companies rely more on third-party providers, especially in the cloud space. These risks often go unnoticed, and organizations need to adopt a risk-based approach when onboarding new suppliers and perform risk assessments each year due to changes suppliers make to their product codebase and consider new product offerings the organization could be using.
The IAPP has resources on third-party vendor management you may find helpful because, unfortunately, contractual agreements between parties (in the case of the GDPR, controllers and processors) are often not enough. More detailed privacy impact assessments are needed to ensure an organization does its due diligence from a risk management perspective.
In other Singapore news, the government’s plan to install monitoring apps on student computers has raised concerns with local privacy groups. They are questioning what constitutes “objectional material,” which the government is trying to weed out.
While the IAPP is busy preparing for our annual IAPP Asia Privacy event, some local Hong Kong groups have come together for a Data Privacy Forum knowledge-sharing half-day event 22 April. I am honored to have been invited to be the conference chairperson, and we have supporting organizations from IAPP, HK Baptist University and more, with Hong Kong Privacy Commissioner Ada Wong providing the opening remarks. The event is virtual, and registration will open soon. I will be sure to share the details in my next blog post.
I would also like to inform all members that our next KnowledgeNet will be 11 March. Our great team of co-chairs will host a discussion themed around “Privacy Challenges in the Year of the Ox: an interactive session sharing experiences from the front line.” Registration details will be shared soon.
Finally, as this is my first IAPP blog post in the new Chinese New Year of the Ox, I want to wish those celebrating in Asia and abroad a safe and prosperous new year!
Keep safe; keep secure.