­­Greetings, fellow privacy professionals.

The biggest news since my last post has been about the proposed changes to Hong Kong’s Data Protection Law. My fellow Asia-Pacific country leaders covered part of this in their respective APAC posts, and I believe these changes will bring Hong Kong more in line with our global and regional partners on the data protection front. I commented on this issue for the South China Morning Post, and there has been some really nice coverage from fellow IAPP members as well on this topic, breaking down some of the key aspects of the consultation paper. We will continue to watch this closely and share future updates as they happen.

Shifting focus back to cybersecurity, specifically to Asia-Pacific, there was a lot of research on the topic in 2019, and we should reflect on that data and the impact it will have in 2020.

For the first time, cyber incidents are the most important business risk in Asia-Pacific, according to Media OutReach. This is a significant change as the topic did not even fall into the top-10 areas of concern for risk managers. However, the challenge many companies face is how to tackle this, and building a “cyber-resilient” culture is never easy. For example, if you look at Australia, based on the latest reports from McAfee, “an impressive 87% of organisations are taking the right steps towards building a solid culture of cybersecurity. However, this isn’t translating as it should into an adequate level of cyber resilience with our Australian respondents.”

The McAfee Cyber Resilience Report surveyed 480 cybersecurity decision-makers across eight Asia-Pacific countries, including Australia, Hong Kong, India, Indonesia, Malaysia, New Zealand, Singapore and Thailand, and found 73% of Australian respondents are familiar with the concept of cyber resilience, compared to 97% of Indians and 95% of Indonesians.

However, we could soon see a shift where cybersecurity and privacy will play a bigger role in boardroom strategies and investment in Australia, especially with the introduction of the Notifiable Data Breach requirement and strengthened regulatory stance in Australia on many fronts in regards to data protection. It is sometimes difficult to know where to start with cybersecurity, as there are indeed many approaches and there is no one off-the-shelf strategy or solution that caters to all. I had an opportunity to write about cybersecurity from a philosophical approach in time for Chinese New Year earlier this month, and I wrote about how ancient “Art of War” strategies can help organizations look at cybersecurity from a different perspective.

In other local news, the Hong Kong Privacy Commissioner for Personal Data revealed a 75-fold increase in “doxing” complaints in 2019 and recently declared doxing health care workers is illegal and unethical. Weaponizing personal data seems to be the new trend right now and more prevalent in Asia given the recent political events. This could be a dangerous path if it continues as the norm, so more public awareness of privacy and ethics is needed. I look forward to hosting some IAPP KnowledgeNet events in March to bring together members to discuss such topics and share more on current security and privacy matters.

Finally, don’t forget to register for the IAPP Asia Privacy Forum in Singapore 13 to 14 July, and there is still time to submit your speaking proposals to share you industry experience and expertise!

Look forward to sharing more developments in this space in the next digest!

Keep safe; keep secure.