(Jul 30, 2015) Long-time barrister Stephen Wong Kai-yi has been appointed as Hong Kong’s next privacy commissioner, South China Morning Post reports. "I hope I could strengthen the work (of the commission) and maintain its high quality," Wong said. He also “stressed that it was important to protect the privacy of every individual as well as the free flow of information—which was a core value of Hong Kong,” the report states, adding he hopes “through education, Hongkongers could take ‘control’ of their own data—meaning they could decide whether to give it out or not—and to understand the consequences of passing it to third parties.” Wong begins his term August 4. (Registration may be required to access this story.) Read More

Asia-Pacific Dashboard Digest

“Culture of Silence” Supports Cyber-Attack Growth

(Jul 30, 2015) As cyber-attacks increase in Asia, experts like Trend Micro’s Tom Kellermann cite a “culture of silence” as well as the “deep-seated historical mistrust in the region (that) undermines true collaboration” as causes behind the trend, Bloomberg Business reports. “The vulnerability is the same in Asia as in the U.S. and Europe,” said FireEye’s Asia Pacific CTO Bryce Boland. “What’s different is, in Asia there’s essentially no disclosure requirement.” That means 42 percent of the world’s Internet us... Read More

Asia-Pacific Dashboard Digest

PDPC Call Center Manager Discusses DNC, 2014 Provisions

(Jul 30, 2015) In an interview with DPO Connect, Calvin Lam, the Personal Data Protection Commission’s call center manager, discusses the two-year-old organization’s most common questions while clearing up misconceptions. The Do Not Call (DNC) registry sparks the most confusion, he explains, as folks erroneously “thought that their telephone numbers would be automatically registered on the DNC Registry.” Lam also touches on the 2014 Provisions. “Some organizations think that the appointment of a DPO is optional,” Lam explains. “It is actually mandatory under the PDPA for every organization to have at least one individual to handle data protection responsibilities and ensure compliance with the PDPA.” Read More

Asia-Pacific Dashboard Digest

Labor Calls for Law Reforms

(Jul 30, 2015) At the 2015 ALP National Conference, NSW Labor member Jo Haylen called for reform of the country’s mandatory data retention legislation, arguing that the law asks Australians to "sacrifice their privacy supposedly for the sake of security,” CNET reports. “Proponents of metadata retention say those who do nothing wrong have nothing to fear, but these laws help create a culture of fear,” Haylen said, describing it as a “culture where we are all under suspicion and subject to heightened mass surveillance." Haylen’s comments inspired cheers from groups like Electronic Frontiers Australia (EFA) and Internet Australia, with the former calling the criticisms “reassuring.” Read More

Asia-Pacific Dashboard Digest

PCPD Publishes Updated Guidance

(Jul 30, 2015) The Office of the Privacy Commissioner for Personal Data (PCPD) published an updated version of its Guidance on the Collection and Use of Biometric Data, clarifying “when it is appropriate to collect biometric data as well as the measures required to ensure its correct and safe processing,” Data Guidance reports. “What is interesting is that this Guidance seeks to stretch the concepts of personal data in the privacy law by distinguishing between different levels of sensitivity in personal data," said Baker & McKenzie’s Anna Gamvros, CIPT. The PCPD’s guidance “should really be seen, not just as best practice but as minimum compliance standards,” added Simmons & Simmons’ Alexander Shepherd and Carolyn Bigg. Read More

Asia-Pacific Dashboard Digest

New Operating System Brings Cheers and Privacy Concerns

(Jul 30, 2015) With the rollout Wednesday of Microsoft’s new operating system, Windows 10, many praised its new features while others expressed concerns about user privacy, Information Age reports. For those using Windows 7 or 8, the upgrade is free, but some are pointing out that comes with a privacy trade-off, as has been demonstrated in Microsoft’s new privacy policy and services agreement, the report states. Microsoft Deputy General Counsel Horacio Gutiérrez said the company’s new dashboard creates a “straightforward resource for understanding Microsoft’s commitments to protecting individual privacy with these services.” Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Getting to Accountability with Limited Resources

(Jul 29, 2015) With regulators around the world calling for organizations to be accountable with their privacy practices, often privacy officers struggle to manage such requirements with limited resources. The challenges faced by privacy officers can include “communicating a definitive privacy-management program, leveraging and motivating individuals throughout the organization and justifying the business case to obtain the necessary resources,” writes Nymity President and Founder Terry McQuay, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM. In this post for Privacy Perspectives, McQuay discusses how privacy officers can implement successful privacy-management activities by using a resource-based approach. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

UN Gives U.S. Failing Grade on Privacy

(Jul 29, 2015) The U.S. scores very low on protecting its citizens’ privacy, according to a new United Nations Human Rights Committee Review. The committee’s midterm report cards for several countries, including Bolivia, Hong Kong, Norway, Portugal and the U.S., look at how well the countries have adhered to and implemented UN recommendations on the International Covenant of Civil and Political Rights. In several aspects of protecting privacy, the U.S. was graded “not satisfactory,” The Intercept reports. Specifically, the U.S. government has not established an adequate oversight system to ensure privacy rights are being upheld, the report states. Read More

Asia-Pacific Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Keystroke-Monitoring Identified as Anonymity Threat

(Jul 29, 2015) Monitoring a user’s keystrokes, “a sort of digital fingerprint that can betray its owner’s identity,” has been identified by security researchers as a threat for Tor users, Ars Technica reports. “The risk to anonymity and privacy is that you can profile me and log what I am doing on one page and then compare that to the profile you have built on another page,” said security researcher Runa Sandvik. “Suddenly, the IP address I am using to connect to these two sites matters much less." Researchers Per Thorsheim and Paul Moore developed a Chrome plugin to ward off these attacks. "For oppressive regimes, this is most certainly of high interest," Thorsheim said. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Report Studies Impact of Drones on Data Security

(Jul 28, 2015) A study by Tractica indicates that as widespread interest in drone use grows so will the need for more sophisticated data analysis and protection, IT Canada reports. “There are many other IT considerations,” Tractica’s Bob Lockhart said in the report. “Just like other mobile devices, drones are targets for theft of data and intellectual property, and drone inputs could affect certifications such as ISO9001 or ISO27001 for information security.” Data storage policies should also be in place. “Drones could produce huge amounts of data for organizations that are not used to large data volumes, so organizations should have a data science program ready in advance, he said, and know where the data be stored and processed,” the report states. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest