The Privacy Advisor recently caught up with ShanShan Pa, CIPP/US, CIPP/E, CIPM, FIP, head of privacy and compliance for U.S. and Europe at Alibaba Cloud. Speaking shortly after her return from the IAPP Asia Privacy Forum, Pa shared her thoughts on the summit, regulatory developments across the Asia-Pacific region, and trends she sees emerging. A well-established volunteer at the IAPP, Pa has contributed articles to The Privacy Advisor, participated as a Young Privacy Pro Leader, been a member on IAPP web cons, and spoken at several conferences. Currently, she is chair of the Boston KnowledgeNet chapter and is a board member to both the IAPP Publications Advisory Board and the Women Leading Privacy Advisory Board.
The Privacy Advisor: You were recently at the IAPP Asia Privacy Forum. What was the big take-away from the event?
ShanShan Pa: The privacy community in Asia is very active. Not only is the community focused on their own privacy developments, but they are also well versed on the EU General Data Protection Regulation and the new California Consumer Privacy Act of 2018. I was surprised by the knowledge base of the privacy environment at the IAPP Asia Privacy Forum. This was my first time attending the event, and I would say it's very different from other regions.
The Privacy Advisor: What kinds of emerging trends do you see in the laws and regulation in Asia-Pacific countries?
Pa: Following the GDPR, there has been a domino effect of new or amended privacy regulation worldwide. For the APAC region specifically, countries are actively developing regulations. Already, two or three countries have altered their privacy regulation, and India just recently released its long-awaited draft privacy regulation. There is never a quiet moment. Across Asia, in general, there is a move [for countries] to create their own regulations or catch up with existing European regulation.
The Privacy Advisor: How will Japan’s recent adequacy agreement with the EU change things in neighboring regions? Is there an added incentive to create similar regulatory frameworks in the name of achieving adequacy with Europe?
Pa: It definitely gets people thinking, but I think there is even more attention on the value-added economic side of gaining adequacy. In the digital world, it presents an opportunity and convenience to do businesses across borders. If you have a global business, there will be a motivator to create the regulatory incentive for data protection and privacy. Right now, if a company is doing business just within the Asian market, there might not be a lot of incentive to develop the necessary framework. More countries will take achieving adequacy and the necessary regulatory framework into consideration if they want to engage in the global market.
The Privacy Advisor: You have written on various privacy and data protection regulations across Asia. Have you noticed a shift in how privacy and data protection are viewed in the workplace?
Pa: The privacy awareness in the workplace has definitely improved compared to a couple of years ago. Not only because at work we continue to train our employees to develop a total awareness of privacy, but we must also consider the ever-changing privacy regulation landscape and its requirements that would impact our businesses.
The Privacy Advisor: You describe yourself as an advocate for bridging privacy and security. How have you seen your role transform over your career?
Pa: In the years before the GDPR, I think people focused more on the security aspect. Partly because the internet is so popular, people heard more about security incidents and how they impacted people’s digital lives than they did privacy concerns. Privacy really only got mentioned in the social engineering part of security. Over time, attention to privacy has increased, and the GDPR has certainly helped. I have always thought the two should go hand in hand; you can’t have one without the other. I think for many companies, privacy by design and security by design need to be stressed equally. They need to be seen together.
The Privacy Advisor: What advice do you have for privacy professionals joining the field?
Pa: I joined as a young privacy professional, and that certainly helped open my eyes. Even just talking to other professionals at the events really helped me gain some perspective. The IAPP provided me with a lot of resources, and a lot of times, you need to hear more from people around the world to have a holistic view of the privacy industry. It’s important to learn how privacy works for each country, each company or even each individual.
If you want to comment on this post, you need to login.