Happy Chinese New Year from Hong Kong!
As we enter the new lunar year, in Hong Kong, the Privacy Commissioner has announced that his office has seen a nearly 20 percent increase in breach notifications in the last year. While the Privacy Commissioner expressed concern at the rising trend, he was also pleased that the more organizations are willing to notify the incident voluntarily and to work with the Personal Data Protection Commission in the response process.
Big changes are coming for data security in Singapore with the Parliament passing the Cybersecurity Bill on 5 Feb. that creates a national framework for the protection of “critical information infrastructure” against cybersecurity threats. The new law requires owners of “critical information infrastructure” to comply with new government cybersecurity requirements and also provides for the appointment of a new cybersecurity regulator who is tasked with taking measures to prevent, manage and respond to cybersecurity threats and incidents in Singapore. It also provides a framework for regulating providers of certain cybersecurity services, such as penetration testing and the management of security operations center monitoring in Singapore.
Once the new law receives presidential assent and comes into effect, the Singapore government will have the powers it says it needs to safeguard essential services in the key regional hub, but some commentators have queried the business costs involved when Singapore is reported to be already spending more on cybersecurity than the average nation when calculated as a percentage of its GDP.
Separately in Singapore, on 1 Feb., the PDPC released its response to feedback received on its public consultation on approaches to managing personal data in the digital economy, which took place in the second half of 2017. The PDPC’s response may provide a “preview” of the changes likely to be introduced to Singapore’s Personal Data Protection Act, such as the introduction of an enhanced framework for collection, use and disclosure of personal data and a mandatory data breach notification.
A debate is also growing in Australia on the security of data but from a very different perspective. The Australian Parliament’s Joint Committee on Law Enforcement has an inquiry underway on the impact of new technologies on law enforcement, including the impact of encrypted communications on police investigations. Legislation is said to be under preparation to enable law enforcement to adapt to the challenges of encrypted communications, but the scope of the reforms contemplated is not yet clear. It will be interesting to see how the Australian government balances genuine concerns for effective law enforcement with the public expectation of privacy in communications. And, of course, we are on the one-week countdown until the mandatory breach notification law takes effect in Australia.
There is a lot happening in this part of the world. All the best for the Year of the Dog!