Greetings, fellow privacy professionals.
I hope you are safe and well.
It has been less than a month since my last blog, but so much has happened since then. My fellow country managers in other regions have covered the "Schrems II" case, so I would encourage you to read their blog posts, as well as the IAPP’s blogs and references. However, on the Asia front, there could be some areas where we may benefit, and you can read more from fellow IAPP Co-Chair Carolyn Bigg.
From the data breach perspective, we had what some are calling one of the most high-profile hacks at Twitter in which highly influential celebrities and politicians were victims of a scam, and there are new revelations that external contractors have actually been spying on accounts, as well. In other data breach news, source code from dozens of companies was leaked online, with a long list of companies that include Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola and many others, and cosmetic giant Avon leaked around 19 million records.
I am sure there are many more data breaches, but the above are just a few I wanted to point out — and the common thread between all of them involved misconfigurations and a lack of security and privacy controls in their operations. It is easier said than done, because of the vast attack surface that companies are exposed to, but things will not get any better until cybersecurity and data privacy are treated more seriously as business risks and looked at as a board-level issue.
Still on the security front, there has been much talk about Australia’s Assistance and Access Bill, dubbed the “Encryption Bill,” which, essentially, will “require service providers, websites, phone manufacturers, broadband modem and related device manufacturers, data centres and other relevant entities to make changes to their systems that implement backdoors for such agencies to gain access to information contained on the device or site or whatever it may be.”
This really is a step in the wrong direction, and security professionals will tell you that you cannot simply “build in backdoors” to your systems. Doing so would open Pandora’s box and would more than likely backfire, making Australian companies more of a target for global hackers. Safeguarding all of your endpoints is already hard enough in the digital world we live in today. Having a requirement to allow a backdoor would mean that companies and security professionals would need to realize that they are making things significantly easier for hackers. The whole idea is flawed, and some of Australia’s largest tech companies have said this has damaged Australia’s tech reputation.
Finally, I would like to take this opportunity to thank Privacy Commissioner Stephen Kai-yi Wong for the last five years of dedicated service to Hong Kong. Some highlights include hosting an annual meeting of the International Conference of Data Protection and Privacy Commissioners (renamed Global Privacy Assembly) and being appointed as a co-chair of the Permanent Working Group on Ethics and Data Protection in Artificial Intelligence of the Global Privacy Assembly. These are just some of the many achievements and challenges Wong and his team have faced over the years, and they have built a solid foundation for the new commissioner to follow. This is where I would like to congratulate Ada Chung Lai-ling on being appointed Hong Kong’s next privacy commissioner, effective 4 Sept. Chung is a veteran government lawyer and comes into the position with a wealth of experience. I look forward to ongoing sharing and collaboration with the privacy commissioner’s office.
That’s all for now, folks, so take care, stay home and stay safe!
Keep safe; keep secure.