By

Yuet Ming Tham

11 September 2017

FinTech and Regulatory Sandboxes in the UK, Hong Kong and Singapore

As the FinTech industry continues to expand, regulators around the globe are starting to react. The past 18 months have seen the emergence of a new trend in financial services regulation, the “sandbox.”

Since the launch of the UK’s regulatory sandbox in May 2016, regulators across the globe have adopted similar frameworks. There are now regulatory sandboxes in Abu Dhabi, Australia, Canada, Hong Kong, Lithuania, Singapore, Switzerland and Thailand, to name a few, and the European Union recently set out proposals for a possible EU-wide regulatory sandbox. (more…)

SHARE
EmailPrintShare
04 August 2017

Singapore’s Privacy Watchdog Proposes Changes to Personal Data Protection Act

Singapore’s Personal Data Protection Commission (PDPC) has launched a public consultation into a proposed revision to the law that would require reporting of certain data breaches. Singapore currently uses a voluntary approach to data breach notifications, but, according to the PDPC, this has resulted in uneven notification practices. Under the proposals, it will be mandatory for organizations to inform customers of personal data breaches that pose any risk of impact or harm to the affected individual as soon as they are discovered. If an incident involves 500 or more individuals, organizations will need to notify the PDPC as soon as possible but no later than 72 hours after discovery of the breach. The proposals aim to allow individuals to take steps to protect their interests in the event of a data breach, for example, by changing their password. (more…)

SHARE
EmailPrintShare
27 April 2017

Singapore’s Personal Data Protection Commission Publishes Advisory Guidelines on the Use of Anonymized Data

The Personal Data Protection Act, 2012 (PDPA), Singapore’s general data protection law, governs the collection, use and disclosure of personal data. The Singapore Personal Data Protection Commission (PDPC), which enforces the PDPA, recently updated the chapter on data anonymization found in its Advisory Guidelines (Guidelines). The Guidelines are not legally binding but provide guidance on how the PDPC will interpret the PDPA. The revisions encourage organizations to incorporate into the process of anonymizing data an inquiry into the risks that the data may be re-identified and any potential negative effect on the individuals involved rather than focusing purely on the various techniques to anonymize the data.

(more…)

SHARE
EmailPrintShare
12 April 2017

Proposed Strengthening of Singapore Cybersecurity Law

In keeping with Singapore’s recent emphasis on strengthening national cybersecurity protections, on March 9, 2017, the Ministry of Home Affairs (MHA) announced proposed amendments to the existing Computer Misuse and Cybersecurity Act (CMCA). The proposed amendment, Bill No. 15/2017, would broaden the scope of the CMCA by criminalizing certain conduct not covered by the existing law and enhancing penalties in certain situations.

(more…)

SHARE
EmailPrintShare
15 November 2016

China Adopts Cyber Security Law

On November 7, 2016, the Standing Committee of the National People’s Congress of China promulgated the Cyber Security Law of the People’s Republic of China (the “Cyber Security Law”) after three rounds of readings in June 2015, June and October 2016, respectively.  The Cyber Security Law will enter into force on June 1, 2017.  As early as July 1, 2015, the National Security Law of the People’s Republic of China was promulgated, expressly providing that the state shall “safeguard sovereignty and security of cyberspace in the state,” a theme that is reiterated and emphasized in Article 1 of the Cyber Security Law.  The introduction of the concept of “cyber space sovereignty” in the Cyber Security Law echoes the views of President Xi Jinping, who is also the head of the Office of the Central Leading Group for Cyberspace Affairs, and who has stated in February 2014 that “[n]o cyber safety means no national security.”  Critically, the Cyber Security Law may have global implications, as the Law applies to both Chinese and international businesses engaging in the construction, operation, maintenance or use of information networks in China.

(more…)

SHARE
EmailPrintShare
15 August 2016

Singapore Parliament to Bring Up Cybersecurity Bill in 2017

The Singapore government has renewed its emphasis on cybersecurity due to the increase in incidents affecting the private and public sectors both domestically and around the world. As a result, Singapore set up its Cyber Security Agency (CSA) on April 1, 2015, to oversee strategy, education, outreach and industry development. On April 11, 2016, Dr. Yaacob Ibrahim, Minister for Communications and Information, announced that the government would develop a Cybersecurity Act (Cybersecurity Bill), which is expected to be tabled in Parliament next year.

(more…)

SHARE
EmailPrintShare
22 April 2016

South Korea Enacts Stricter Penalties for Data Protection Violations by Telecommunications and Online Services Providers

South Korea has enacted stricter penalties for violations of data protection or privacy requirements by telecommunications and online service providers, including potentially steep damages in the wake of a data breach. The amendment (the “Amendment”) to South Korea’s Act on the Promotion of IT Network Use and Information Protection (“Network Act”) became law on March 22, 2016 and will become effective on September 23, 2016. The Network Act regulates and protects the personal information of individuals (“Information Subjects”) that are collected, used and disclosed by telecommunications and online service providers (“Service Providers.”) Overall, the Amendment provides heavier penalties for violating privacy provisions in the Network Act. The increased penalties and stricter privacy standards are consistent with recent amendments in other Korean privacy laws, such as the Personal Information Protection Act and the Utilization and Protection of Credit Information Act.

(more…)

SHARE
EmailPrintShare
07 March 2016

Technology Companies Should Prepare for Implications of China’s New Anti-Terrorism Law

On January 1, 2016, China’s National People’s Congress Standing Committee enacted the new Anti-Terrorism Law (反恐怖主义法) that gives broad powers to the Chinese authorities to access and handle data held by telecommunications operators and internet providers (together, “Technology Companies”).  This law provides a legal framework to compel Technology Companies to cooperate and assist the Chinese authorities to combat the threat of “terrorism.”

(more…)

SHARE
EmailPrintShare
29 July 2015

New Chinese National Security Law Brings Further Focus to Global Cybersecurity

On July 1, 2015, China’s top legislature adopted a new National Security Law (中华人民共和国国家安全法), highlighting cyber security and paving the way for a coordinated crisis management system.  The law aims to provide a general legislative framework to cover a wide range of areas, ranging from finance, politics, the military and cyber security to culture, ideology and religion.

(more…)

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator