- Category: August 2013 - Data Protection & Security
Forrester’s senior analyst, Masami Kashiwagi, has been researching data privacy laws in Asia Pacific (AP) and has spoken to a wide range of professionals across many industries in order to understand the ever-evolving data privacy regulations and policies across 15 different jurisdictions in the region.
Although some organizations have not traditionally taken data privacy issues very seriously within their AP operations, there are clear signs that this is beginning to change, according to Kashiwagi. She found that governance, risk, and compliance (GRC) practitioners are starting to see increased demand for their compliance-related services from both the government and business sectors, particularly since late 2012.
It doesn’t really come as a surprise that Kashiwagi also found that awareness of data safety and privacy regulations, and the level of compliance required to abide by them, vary widely across Asia Pacific.
The concept of “privacy” or “having a right to privacy” is relatively new in large parts of Asia, and legislative environments are highly fragmented among AP countries, Kashiwagi points out. With the aim of regulating telco infrastructure and banking systems, many AP governments have imposed sector-based data privacy and security measures.
And here are some of the broader trends Forrester has identified across the region:
- Data privacy legislation is expanding and changing – A number of ASEAN governments, including Malaysia, the Philippines, and Singapore, have recently enacted or are planning to enact new privacy laws. Australia and New Zealand (A/NZ) are seeking to accommodate tighter privacy protection and have been debating the need for mandatory data breach notification.
- But most jurisdictions fail to meet EU standards – The Commonwealth nations Australia, New Zealand, and Hong Kong developed comprehensive privacy laws with a single supervisory agent during the late ’80s and ’90s, at an earlier stage than other Asian markets. New Zealand is the only jurisdiction that is considered to have “adequate protection” under the EU directive to date.
- Penalties for noncompliance are increasing – Recent amendments to existing privacy laws in Australia and Hong Kong allow the Privacy Commissioner to enforce significant data breach penalties. Violation of a newly enacted data privacy regulation by network service providers in China may result in financial penalties, cancellation of the business permit, and/or criminal punishment.
- Cross-border transfer of personal data is unevenly controlled by different jurisdictions – As in the EU, some jurisdictions such as Australia, Hong Kong, and South Korea only permit personal data transfer when the destination country has adequate data protection and/or when prior consent has been obtained from individuals. In other markets in Asia, other conditions may apply, or the export of personal data is not explicitly regulated by law.
Interesting, isn’t it?
If you are looking for further details, have a look at Forrester’s report “What You Must Know About Data Privacy Regulations In Asia Pacific”, which provides more detailed analysis and presents best practices for staying on top of these evolving requirements. (Source: http://blogs.forrester.com/masami_kashiwagi)