Oldest

Data Protection

Certain types of personal data are very valuable to criminals, and can be very damaging to an individual or business if it falls into the wrong hands. As the world becomes more digital and more connected, more of this sort of data is generated and passed between various sources on a regular basis.

Government regulations and supervisory authorities aren’t just about keeping irresponsible parties in line. They also provide vital security guidance to every type of organization that handles sensitive personal, business or government information.

Data protection regulations also ensure that the end user has a transparent view of and a say in the processing of personal data. These safeguards play a significant role in everything from the preservation of civil rights to ensuring that democratic institutions function properly.

Some types of personal data are clear candidates for regulation: medical records, banking information, national ID numbers and so on. But some of these regulations also cover items that might seem relatively innocuous at first glance: home addresses, email addresses, website profile information and so on. For example, the European Union General Data Protection Regulation (GDPR) has stipulations about anything that is unique to an individual to include phone numbers and social media accounts. People have varying levels of privacy preference with these items, but they are often protected by regulation because they can be used for targeted scams and attempts at identity theft.

Given that regulations often take the size and customer count of businesses into consideration in terms of penalties and the scope of protection of personal data, compliance is particularly important for enterprise-scale organizations. You do not necessarily have to have an active business presence in a country or region; simply storing data on or moving it through servers there may subject you to their data protection rules.

Image of boy using binoculars representing companies watching their data

Data Protection Insights

Who is Watching Your Data?

January 20, 2016

The question of data privacy has become one that is shaping the business world of the 21st century. With many technologies advancing in leaps and bounds – as well as the increasing importance of ‘The Internet of Things’ the appointment of a professional Data Protection Officer to ensure legal and mandatory compliance has become a business imperative. We look at how failure to appoint such professionals who can operate at all levels of an organisation can be a costly mistake – not only in terms of revenue – but also in terms of customer trust. Read More

Image of team rowing a boat in river rapids representing the need for breaking down the wallsas a challenge for data protection officers

Data Protection Insights

Breaking Down the Walls – Challenge for Data Protection Officers

February 19, 2016

In this article, we examine how regulators in Asia are mandating the appointment of Data Protection Officers and how these appointees form only one part of a team that must be tasked with not only ensuring the integrity of data, but also in responding to breaches of security. We also touch on the consequences of team members not familiarising themselves with their individual roles and responsibilities. Read More

Image of man standing in from of keyhole with questions representing the unknowns in terms of development in Indonesian privacy rules

Data Protection Insights

Developments in Indonesia’s Personal Data Protection

March 21, 2016

Indonesia boasts one of the fastest growing economies in South East Asia. However, rapid growth has not been followed by robust development on the regulatory side, particularly in the case of specific rules regarding personal data protection. Authors Zacky Zainal Husein and Andin Aditya Rahman argue that clear definitions are paramount in setting the tone of any regulations, including Indonesia’s upcoming personal data protection rules. The article discusses how “personal data” is defined in the draft rules and the potential implications of sectoral regulation. Read More

Image of man flying among clouds representing data protection regulations from cloud technology perspective

Data Protection Insights

Dawn of Data Protection Regulations: Will You Be a Hero or a Villain?

April 19, 2016

Like Superman draws his power from the sun, the cloud imbues organisations with remarkable power and flexibility. But how should organisations wield such power effectively to protect their users and data, especially in light of data protection regulations? Matthias Yeo, APAC CTO of Blue Coat, shares the top 3 tenets of adopting a cloud strategy so you can be the hero, not the villain. Read More

Image of referr giving yellow card to players representing tightening of Malaysia personal data protection standards

Data Protection Insights

Malaysia Personal Data Protection Act – Standards Tightened

April 19, 2016

Following the Malaysia Personal Data Protection Act (PDPA), the Personal Data Protection Standards 2015 sets out the "minimum" standards to be observed. Read More

Image of EU flags in front of building representing European Union GDPR from an Asian perspective

Data Protection Insights

Overhaul of European Union GDPR – An Asian Perspective (Part I)

April 19, 2016

The General Data Protection Regulation is the first comprehensive overhaul of European Union data protection rules in 20 years. This two-part article will examine the GDPR’s impact on businesses in Asia, with a focus on territorial scope, controller and processor obligations, and international data transfers. Read More

Image of hammer and gavel against backrop of soccer ball and red and yellow cards representing data protection

Data Protection Insights

Data Protection – A Tale of Two Cities

May 21, 2016

As personal data protection continue to challenge companies it is becoming apparent that the commissions and other structures that police these issues have become impatient with organisations that are not complying with recommendations. For the first time those companies which have suffered a data breach and been found not in compliance are feeling the wrath of governing bodies. Read More

Image of globe with network connections around the world representing the Asian perspective on the European Union GDPR

Data Protection Insights

Overhaul of European Union GDPR – An Asian Perspective (Part II)

June 21, 2016

In our first article on the European Union General Data Protection Regulation (Regulation (EU) 2016/679 or ‘GDPR’) we focused on the global territorial scope of the new rules and how they could affect businesses based in Asia. In particular, we highlighted how the enhanced rights of data subjects in the EU and the expanded obligations on data controllers and data processors — even if they are located outside the EU — provide much for businesses to consider as they become compliant with the new rules. In this second article, we will focus on the new regulatory-enforcement regime and international data transfers, and then draw comparisons with the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system. Read More

Image of goldfish jumping from one tank to another representing Brexit and what's going to change for Asia data

Data Protection Insights

Asia, Data and Brexit – What’s Going to Change?

July 23, 2016

The exit of the United Kingdom from the EU has caused turmoil in world markets and has far reaching consequences for those companies in the European Union doing business with the country – and vice versa. There has also been some uncertainty about how the authorities based in London will be treating data security and privacy issues. The consensus seems to be that companies doing business with the second largest economy in Europe (after Germany) should be adopting a ‘business as usual’ approach. However, will this necessarily be the case in the future? Will global companies with a British connection (including those in Asia) be forced to revisit how they treat data security and privacy issues when dealing with the United Kingdom – and will British companies move away from the rules that have been set in place by Brussels? We take a closer look. Read More

Image of girl with mask and cape representing the requirement for a new type of information technology and security professional

Data Protection Insights

Is a New Type of Information Technology and Security Professional Required?

August 26, 2016

In part one of a two part series, we examine some of the challenges that companies face in terms of the evolving privacy and data protection landscape. Data protection and privacy issues are now bedrock strategic issues for companies across the world and Information Security professionals are now under even more pressure to ensure that data remains secure. The value of data as an intangible asset continues to grow and legislation and regulation is becoming ever more stringent. The onus is on companies to comply or suffer the consequences. This is going to require a whole new breed of information security professional. In part two of this series (in next month’s newsletter) we’ll look at the argument for and against a new role combining Chief Security and Privacy Officer in this rapidly evolving regulatory environment. Read More