![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
Hello from Singapore!
We continue to be bombarded by more news coverage on major cyber incidents and breaches of personal data. Recent cyberattacks in Hong Kong have led to the compromise of personal data relating to 380,000 customers of Hong Kong’s second-largest residential broadband provider, Hong Kong Broadband Network, and a number of cyberattacks have also targeted databases belonging to travel agencies involving around 220,000 customers. These recent significant data breaches have led Hong Kong’s privacy commissioner for personal data to indicate that it is time to review Hong Kong’s Personal Data (Privacy) Ordinance, which came into force in 1996 to ensure it provides enough protection of citizens and to increase the Office of the Privacy Commissioner’s enforcement powers.
The Philippines privacy regulator, the National Privacy Commission, has also been investigating a reported data breach affecting 2,000 individuals as a result of a cyberattack on the websites of government and commercial organizations. The NPC summoned top officials of the affected organizations to provide an explanation of why the NPC and the affected data subjects were not notified within 72 hours of the breach. This highlights the need for all organizations to be prepared in advance of a cyberattack, including by having cyber breach incident response plans in place and knowing legal obligations, including any mandatory notification obligations in advance of a cyberattack.
In the wake of continuing news coverage of major data breaches, there is a growing theme that individuals must be able to trust and have confidence in the organizations that are responsible for handling and safeguarding their personal data and that this customer trust may drive the successful businesses of the future. In Singapore, Assistant Chief Executive Yeong Zee Kin, of the Infocomm Media Development Authority and Deputy Commissioner of Singapore’s Personal Data Protection Commission, has highlighted the Singapore government’s desire for companies to cultivate a “data protection by design” approach to managing personal data. Yeong believes this is critical to boost innovation within the digital economy, as consumers will only trust businesses and services when personal data is appropriately used and secured.
Meanwhile, in Australia, data subject confidence and trust is also on the radar of the government. The Victorian government has proposed stricter privacy safeguards be introduced into two new bills that create a facial recognition database to match photos against identities of citizens stored in various federal and state agencies. The Victorian government recommends that appropriate security checks and balances be enshrined in the legislation to provide appropriate transparency to give users and the public confidence in the operation of the facial recognition database.
Until next time,
Stella