A recent Slator roundtable, sponsored by Lionbridge, tackled the topics of cybersecurity, privacy and data protection, particularly in Asia:
“The reality is that, in today’s world, personal data is an asset,” said Elizabeth Cole, Partner at Jones Day.
“We talk a lot about breaches, but almost all of us use personal data for multiple reasons — for employment, for identifying talent (in our organizations), for research, or for aggregating data from customers. And all of the new technologies — cloud storage, Internet of things, among others – is impacting how data is processed, used, and stored.”
In Asia Pacific, Cole said every country struggles to introduce regulations that would mitigate the impact of cyber risks. However, country regulations today are varied and at different stages of implementation.
“South Korea is one of the most aggressive in enforcing regulations. It has both national and sector-specific laws, as well as detailed data security obligations and data breach notification requirements,” she said.
Australia and Japan also have comprehensive privacy and cyber security laws. In February 2017, Australia introduced the data breach notification law, which specifies a set of principles for compliance for cross-border disclosure of personal information.
Meanwhile, Japan approved new changes in its laws that will expand the scope of its rules in processing big data, restrict more cross-border transfers, and guide organizational response to a data breach, effective May 1, 2017.
In Cole’s view, Singapore and Hong Kong tend to be more conciliatory and are constantly looking at ways to help organizations develop their systems. Though Hong Kong has a Data Privacy Ordinance that restricts cross-border data transfers, it has not implemented the law and merely issued voluntary guidelines.
China also does not yet have a national data protection law. It has only sector-specific laws on data protection obligations dealing with consumer, employment, and finance. It, however, passed a cybersecurity law, which takes effect June 1, 2017.
“There are some jurisdictions that still don’t have comprehensive laws — Indonesia and Thailand are the two big ones here in Asia,” Cole noted, adding that many see the need to keep their jurisdictions a safe place to do business by allowing easy transfer against the need to protect data.