TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | The Asia Privacy Forum: In pictures Related reading: The Regulators’ View of the Singapore Privacy Law

rss_feed

""

DPC18_Web_300x250-COPY
PrivacyTraining_ad300x250.Promo1-01

While I'm still downloading all the information I gathered at this week's Asia Privacy Forum in Singapore (see here and here for previous coverage), I was culling through some of our photographer's images, and I thought they'd make a great way to focus some of the thoughts I came away with. So here goes:

First of all, I was struck by this panel that featured Teresa Troester-Falk, CIPP/US, global privacy strategist at Nymity; Derek Ho, CIPP/US, CIPM, VP and senior managing counsel at MasterCard; and Edna Essien, CIPP/E, senior global privacy counsel at Standard Chartered:

APF17-PIAs-no-attrib

Essentially, they pointed out, the PIA hasn't changed much since the idea of PIAs first emerged in the late '80s. With the tech we have available to us today, why aren't these living documents rather than periodic performances? Cloud hosted and kept up like any other project, there should be frequent adjustments to the risk-scoring and evaluations of personal data being gathered as laws change, technology changes, and social norms change. This doesn't seem like that radical of an idea, but how many companies are still performing an assessment annually or only at the outset of a project? Time for everyone to step up their game.

Similarly, I loved the way MasterCard CPO JoAnn Stonier, CIPM (also, chair of the IAPP board), Avepoint Chief Risk and Compliance Officer Dana Simberkoff, CIPP/US, and Coupang CISO/CPO Ben Gerber talked about privacy by design:

APF17-PbD-Transfer

I think Gerber's line was, "If you're not managing and tagging all data the way you're managing and tagging personal data, you're not doing your job." The point is: You have no idea when certain data might become personal, and you have no idea when data might be useful to the organization or, alternatively, become a risk. Simberkoff got a lot of run out her line, as well: "Metadata is a love letter to the future." Expect to hear that quoted again in the near future.

I'll admit that I was expecting the Trustmarks session, headed by Baker McKenzie's Ken Chia, CIPP/A, CIPM, CIPT, FIP, with Edna Essien, CIPP/E, doing double duty as a replacement for a colleague and Sheena Jacob, CIPP/A, CIPM, head of privacy and data protection for JurisAsia, to be a bit dry, but the topic ended up being pretty enlightening:

First, we got a sneak preview of the PDPC's news about its new Trustmark program, but also some very interesting data on how trustmarks are received and used in Asia. For me, it seems a bit preposterous that anyone would use a website differently just because there was a little icon in the corner somewhere, but Chia noted that Asians report themselves 45 percent more likely to use an e-commerce site if there's a trustmark of some kind, and the panel made the great point that trustmarks must have some value; otherwise, Ashley Madison wouldn't have bothered to put up fake ones (for which they were fined by a suite of regulators). Further, the trustmark program in Japan is currently employed by some 20,000 companies. Expect Singapore's to have a big uptake, as well.

Finally, I think everyone was appreciative of the candor displayed in the closing keynote address by Alibaba Cloud Head of Global Compliance Larry Liu:

APF17-Larry-Liu-no-attrib

Asked to stand up a privacy program from scratch, with few resources, he walked us through the tough decisions he had to make and the speed with which he had to get his arms around this kind of compliance effort. So many of our members face similar dilemmas: how to do your job well without quite having enough tools and resources to do that. Luckily, Liu reported, Alibaba Cloud's C-suite recognized quickly the importance of a strong privacy and data protection stance to the growth of the business. So, he got the budget. But that was only the start. He needed the expertise, the staffing and the time to figure an area out that he knew little about. The way he talked through his effort to learn, listen and experiment was refreshing and, frankly, pretty fun.

All in all, while all of our Asia Privacy Forums have been good experiences, I think here in our fourth year, we finally truly hit our stride as an organization. Each panel was timely, informative and well constructed. And the collective energy was excellent. People are hungry for knowledge. I'm glad we could provide a forum for them to get some of what they need.

Comments

If you want to comment on this post, you need to login.