On 6 June, 2019, the Privacy Commissioner for Personal Data issued an enforcement notice against Cathay Pacific Airways (and its affiliate Hong Kong Dragon Airlines) (together, “Cathay Pacific”) in respect of a data breach concerning unauthorized access to the personal data of some 9.4 million Cathay Pacific customers.
2018 was a momentous year for data protection and cyber security regulation globally – the implementation of the European Union’s General Data Protection Regulation (GDPR) was, of course, the main event. The shockwaves of GDPR hit APAC with full force, coupled with the promulgation of an important GDPR-inspired national standard in China and the tabling of a draft data protection law in India that shares the same lineage. Rising public awareness of data protection concerns, due to the ever increasing volume and scale of cyber incidents in APAC, means that these issues are front and centre for organizations in terms of brand values, effective risk management and stewardship of increasingly valuable data assets. Our Guide provides a practical toolkit for organizations seeking to create an effective data protection and cyber security compliance program.
In this hoganlovells.com interview, Mark Parsons, a Hogan Lovells partner based in Hong Kong, summarizes the current status of IoT-related policies in the Asia-Pacific region and discusses changes anticipated in 2019.
2017 was a momentous year for data protection and cyber security regulation globally, and it is noteworthy how significant the developments in the Asia-Pacific region were over the course of the year. Our Asia Pacific Data Protection and Cybersecurity Guide 2018: Shifting landscapes across the Asia-Pacific region provides an overview of regional developments in 2017 and what to look out for in 2018. It features a “heat map” comparing the regulatory environments in Asia’s key jurisdictions, individual country spotlights, and a guide with considerations for businesses setting up compliance programs.
The Philippines’ first comprehensive data protection law, the Data Privacy Act of 2012, took effect on 8 September 2012. The Act mandated the creation of a National Privacy Commission to implement, enforce and monitor compliance with the Act, with one of its duties to promulgate rules and regulations to effectively implement the provisions of the Act. It was not until March 2016 that the NPC was officially formed, and soon after issued draft implementing rules and regulations of the Act. Following a period of public consultation, the implementing rules and regulations were finalised and formally promulgated on 24 August 2016 and will come into effect today, 9 September 2016.
2014 was a very eventful year for data privacy regulation in Asia and there are reasons to believe that 2015 will represent a turning point for the region as established privacy regimes are toughened and new regimes enacted in recent years begin to mature. The past year saw a number of significant regulatory developments, in particular the implementation of new, comprehensive “European-style” privacy laws in Singapore and Malaysia, the amendment of China’s consumer protection law to include data privacy principles and increased financial penalties in South Korea.