Greetings, fellow privacy professionals.
In a recent security and privacy panel discussion, I was asked about some of the key risks that artificial intelligence brings to security and privacy, and I thought it would be nice to share some of my thoughts here. Working in the fintech space, I see increased risks for data privacy and security with facial recognition and threat actors taking advantage of this through AI and creating fraudulent identifications for "Know Your Customer" registrations.
On the lighter side, deepfakes have been used on TikTok for the much-watched Tom Cruise look-alike videos but has raised eyebrows in Asia, from a South Korean news anchor being replaced through to China also monitoring this cybersecurity threat. Countries and companies that allow the use of facial recognition, from the Australian Taxation Office with their new digital identity program to Singapore — one of the first countries to use facial verification — rolling it out to ATMs, and Japan's expected use of facial biometrics during the upcoming Olympics need to take it one step further and ensure that additional security measures, like facial liveness detection, are used as an essential biometric layer to reduce fraud. From a privacy and legal perspective, fellow IAPP member Nicholas Schmidt also addressed this in an IAPP post that you might find interesting.
In other regional APAC news on the breach front, the PCPD in Hong Kong released a news release stating it would conduct compliance checks regarding unauthorized access to email systems at Nikkei, and Singapore Airlines frequent flyer members also hit in third-party data breach belonging to over 580,000 members. This data breach could be the first to face the new Singapore regulations by the PDPA, which took effect 1 Feb. With the ongoing breaches, we should expect heftier fines on the horizon, especially in APAC, where we see more and more regions adopting "GDPR-like" mandatory breach reporting. While this is yet to be effective in Hong Kong, I think it is only a matter of time. A good way to keep up with the Hong Kong Privacy Law is to check out "Personal Data (Privacy) Law in Hong Kong — A Practical Guide to Compliance," second edition, by former Hong Kong Privacy Commissioner Stephen Wong.
Finally, as mentioned in my previous blog post, while we prepare for our annual IAPP Asia Privacy event, some local Hong Kong groups have come together for a Data Privacy Forum knowledge-sharing half-day event 22 April. As conference chairperson, I have invited some of my close friends, colleagues and privacy associates in the region to discuss various data privacy-related matters in APAC and what issues and concerns they are facing right now foreseeable future. I encourage you to join us and hear from the IAPP — a primary supporting organization — and many others from the Hong Kong Privacy Commissioner's Office, and more will be sharing their insights on the day.
Look forward to seeing you at the virtual event!
Keep safe; keep secure.
If you want to comment on this post, you need to login.