The Hong Kong Office of the Privacy Commissioner for Personal Data (the “Hong Kong Data Privacy Commissioner”) has recently published compliance guidance on the upcoming GDPR to raise awareness in Hong Kong companies about the potential effects and reforms needed in order to comply with the new GDPR requirements. (more…)
On March 6, 2018, Singapore announced that it has joined the APEC Cross-Border Privacy Rules (CBPR) system as well as the APEC Privacy Recognition for Processors (PRP) program. Singapore is the sixth member of the CBPR system, which includes Canada, Japan, Korea, Mexico and the United States, and is the second member of the PRP program after the US. (more…)
On Feb. 13, 2018, the Monetary Authority of Singapore (MAS) issued a Consultation Paper on the Proposed E-Payments User Protection Guidelines (Consultation Paper). Under the Consultation Paper, the MAS proposes to issue a set of guidelines (Guidelines) to standardize the protection offered to individuals or micro-enterprises from losses arising from unauthorized or mistaken payment transactions.
The Guidelines are part of MAS’s ongoing review of Singapore’s regulatory framework for payment services. They are meant to provide general guidance and are not intended to be comprehensive or to replace or override any legislation.
This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. We expect each of these trends to continue in 2018.
As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: (more…)
With the rise in drone usage for both commercial and recreational activities, air safety regulators around the world have increasingly focused on the impact of drones (otherwise known as unmanned aircraft systems or UAS) on flight safety and efficiency. Consistent with calls by the International Air Transport Association (IATA) for more oversight, Hong Kong’s Civil Aviation Department (CAD) recently announced plans to step up the regulation of commercial and recreational drones.
The fourth edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection and cybersecurity landscape in a time when mega breaches are becoming more common and businesses are coming under increased scrutiny from regulators, Boards of Directors and their customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the links below for a closer look at this developing area of law. (more…)
The EU Commission, through a joint statement on 4 July 2017 by Vera Jourova, EU Commissioner for Justice, and Haruchi Kumazawa, a Commissioner of Japan’s Personal Information Protection Commission, announced that the process is underway to provide Japan an EU adequacy decision on international data transfers by early 2018. Once approved, Japan will become the 13th country (crediting the US with an adequacy finding for organizations certifying under the Privacy Shield) globally and the first Asian country to be given adequate status by the EU Commission. (more…)
As the FinTech industry continues to expand, regulators around the globe are starting to react. The past 18 months have seen the emergence of a new trend in financial services regulation, the “sandbox.”
Since the launch of the UK’s regulatory sandbox in May 2016, regulators across the globe have adopted similar frameworks. There are now regulatory sandboxes in Abu Dhabi, Australia, Canada, Hong Kong, Lithuania, Singapore, Switzerland and Thailand, to name a few, and the European Union recently set out proposals for a possible EU-wide regulatory sandbox. (more…)
Singapore’s Personal Data Protection Commission (PDPC) has launched a public consultation into a proposed revision to the law that would require reporting of certain data breaches. Singapore currently uses a voluntary approach to data breach notifications, but, according to the PDPC, this has resulted in uneven notification practices. Under the proposals, it will be mandatory for organizations to inform customers of personal data breaches that pose any risk of impact or harm to the affected individual as soon as they are discovered. If an incident involves 500 or more individuals, organizations will need to notify the PDPC as soon as possible but no later than 72 hours after discovery of the breach. The proposals aim to allow individuals to take steps to protect their interests in the event of a data breach, for example, by changing their password. (more…)