![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
Hello and Happy New Year from Singapore!
As we celebrate the new year and look forward to what 2018 may hold, we expect that many organizations will be adding privacy compliance and remediation work to their list of new year's resolutions for 2018.
In the past two years, the Singapore Personal Data Protection Commission has fined 22 organizations (and one organization twice) for security breaches that exposed personal data. The total fines amount to SGD 216,500. These numbers have raised concerns among experts that organizations are not taking privacy seriously enough, particularly as the majority of fines relate to organizations failing to have adequate security measures in place to protect personal data.
Similarly, in Hong Kong, Privacy Commissioner for Personal Data Stephen Wong is also concerned that individuals need to do more to protect their personal data and organizations should be doing more to safeguard the personal data they collect. The Privacy Commissioner noted that protecting personal information online will become increasingly challenging as the world enters the age of big data and that the difficulty in predicting how such data will be used makes protecting that data very challenging. Commissioner Wong has pledged to strengthen a public education campaign to complement his enforcement activities.
Meanwhile, in Australia there is a growing concern that Australian organizations are not adequately prepared for one of the world’s most significant privacy reforms: the EU GDPR, which comes into effect in May 2018. This is especially the case as Australian organizations are grappling to comply with both Australia’s upcoming data breach notification requirement and the requirements of GDPR. The GDPR may apply to all organizations (whether located in Australia or elsewhere) if they have an establishment in the EU, if they offer goods or services in the EU, or if they monitor the behavior of individuals in the EU. Organizations that fail to comply with GDPR risk fines of up to EUR 20 million or 4 percent of global turnover, in addition to significant reputational damage. Organizations are urged to seek legal advice about their potential exposure to GDPR and, if within scope, take steps to remediate any gaps prior to May 2018.Â
As India reflects on the year that was, Indians can celebrate a historic privacy win. In August 2017, a nine-judge constitution bench of the Supreme Court ruled the right to privacy is a fundamental right under the Indian Constitution. As we look ahead to 2018, this ruling may impact the future of Aadhaar, the Indian government’s 12-digit biometric identification program that will link with all schemes and services that Indian citizens use. The Indian Supreme Court has yet to rule on a number of petitions challenging the Aadhaar bill. In addition to the Aadhaar program, the Supreme Court’s privacy judgement is predicted to affect future judgments on other civil society freedoms, as well, including potentially the right to control dissemination of personal information in the physical and virtual world – so watch this space!
We hope you all had a wonderful festive season. Â