2017 was a momentous year for data protection and cyber security regulation globally, and it is noteworthy how significant the developments in the Asia-Pacific region were over the course of the year. Our Asia Pacific Data Protection and Cybersecurity Guide 2018: Shifting landscapes across the Asia-Pacific region provides an overview of regional developments in 2017 and what to look out for in 2018. It features a “heat map” comparing the regulatory environments in Asia’s key jurisdictions, individual country spotlights, and a guide with considerations for businesses setting up compliance programs.
On Monday, June 12, South Korea became the latest country approved to officially join the Asia-Pacific Economic Cooperation’s Cross-Border Privacy Rules system. It is the fifth APEC economy to participate in the system, joining the United States, Canada, Japan, and Mexico. To date, twenty companies—including Apple, Cisco, HP, IBM, Rackspace, and Workday—have been certified under CBPR.
Recent changes to Japan’s Act on the Protection of Personal Information and the establishment of a new Personal Information Protection Commission have raised questions about how the world’s third-largest economy plans to implement new domestic requirements and engage internationally on cross-border data transfers, APEC, new technologies, and more. Hogan Lovells recently hosted some of Japan’s senior data privacy regulators and advisors for a special briefing in our Washington, D.C. offices.
In September, we proudly launched our online client cybersecurity resource portal: Ready, Set, Respond. The portal was designed by our cross-practice team of global practitioners to provide in-house counsel with the tools they need to not only prepare for the inevitable cybersecurity incident, but quickly and easily stay up to date on the evolving state of cybersecurity regulation around the world. Today, we’re taking a closer look at the Asia region with our partner Mark Parsons. Visit Ready, Set, Respond for more information or to take advantage of the tools and data available there.
Asia has seen a proliferation of new and stepped-up data privacy laws in recent years. Many of these laws draw from a common source in the APEC Privacy Framework, a principles-based document that shares origins with Europe’s Directive 95/46. But regional framework notwithstanding, these laws have been implemented with unique features and important nuances in each jurisdiction across the Asia region. Critically, these laws are now being enforced, with high profile data security breaches and enforcement action regularly hitting the headlines in Asia, as elsewhere. Data privacy issues are now board level issues in Asia. Our Data Privacy Regulation Comes of Age in Asia gives an overview of regional developments and features a “heat map” that compares and contrasts regulatory standards and the enforcement environment in Asia’s key jurisdictions.
At the 35th annual Conference of Data Protection Authorities and Privacy Commissioners in Warsaw, Poland today, Hogan Lovells partner and privacy practice lead Christopher Wolf spoke on the issue of privacy and trade in light of the ongoing Transatlantic Trade and Investment Partnership negotiations between the EU and the U.S. This post contains prepared remarks to the commissioner’s on the need for interoperable cross-border privacy standards and the merits of the U.S. privacy regime.
Philippine President Benigno Aquino III signed into law the Data Privacy Act of 2012, which is modeled after the EU Data Protection Directive and the Asia-Pacific Economic Cooperation (APEC) Privacy Framework. The Act contains provisions that govern the processing of personal information, the rights of data subjects (e.g., notice, access, and data portability), and the security of personal information (which includes a breach notification requirement).
Are BCRs the key to global interoperability? Some think so at the IAPP London conference. This post discusses opinions from conference presenters — will BCRs will become more and more popular as corporations implement new accountability measures, or will they fade under the weight of continued bureaucracy?
This blog entry reports on an industry push against “digital protectionism” that can result from overly-restrictive privacy rules, on a speech by a senior US government official promoting enforceable industry codes of conduct, and the APEC cross-border recognition agreement.