Greetings, fellow privacy professionals.
I hope you are safe and well.
Since COVID-19 still tops the headlines, it is interesting to see the feedback from the general public and independent studies on its privacy impact. Singapore was one of the first countries to adopt a contact tracing application framework for others to use and adopt, and independent studies have found that the TraceTogether app is the least intrusive in terms of privacy among similar apps in Southeast Asia. In contrast, there have been 40 apps for contact tracing in India, and there are serious concerns about the lack of privacy and security safeguards. This is a serious concern as the apps have several millions of downloads, and with other large-scale data breaches in the region (as recently as this week with more than 7 million records leaked from one of India’s largest payment apps), people should make sure they read the privacy notices and be aware of what data they will be sharing when they sign up to use the applications.
It is definitely a balancing act between security, privacy and usability, but some things to consider include who has access to the data, how health data should be used during the crisis and how health data should be used after the crisis. On the topic of “after the crisis,” there is an ongoing concern that it may take years to develop a vaccine for COVID-19, and if that is the case, then the fear for many is that the contact tracing apps could become a permanent part of everyday life going forward. We are seeing this in China and in some provinces in India, and depending on how countries are able/unable to contain it, Western countries may soon follow.
In other regions, there have been a number of data breaches. In Indonesia, a data breach affected more than 2 million voters, and a sports fan portal data breach affected 70 million records in Australia. This is an ongoing problem, and the most recent "2020 Thales Data Threat Report — Global Edition" found that nearly half (47%) of organizations experienced a breach or failed a compliance audit in the past year, and almost 15 million data records have been compromised since 2013.
In brighter news, I would like to congratulate Hong Kong's Office of the Privacy Commissioner for Personal Data for being named “Manpower Developer” again for PCPD’s outstanding achievements in manpower training and development in recognition of the PCPD’s performance in nurturing talents. Commissioner Stephen Kai-yi Wong stated, “2019 was a challenging year to the PCPD. We handled close to 5,000 doxxing cases last year. At the same time, the application of technologies such as big data, cloud computing and artificial intelligence in the data-driven economy has made data protection more complex.” Given 2019’s challenges, the PCPD was still committed to advocating privacy from their Data Protection Officer Club events, through to supporting IAPP KnowledgeNet events, and finally to guest speaking to my master’s students at Hong Kong Baptist University School of Business. Once again, congratulations to the PCPD for a well-deserved award.
Finally, I thought I would share with the privacy community that I was proud to lead my team at Crypto.com to be one of the first companies in the world to achieve the new privacy-focused ISO27701:2019 certification. This was done through a rigorous audit by SGS, and I am happy to announce that we are the first fintech/cryptocurrency company in the world to hold this certification and indeed the first company in Hong Kong to achieve this with the organization-wide audit scope that we were assessed on. I look forward to sharing my personal experience with our local members in the next Hong Kong KnowledgeNet.
Stay at home, and take care of yourself and your family!
Keep safe; keep secure.