It was recently revealed that the personal details of 10,000 asylum-seekers housed in Australia were accidentally leaked via the Department of Immigration and Border Protection’s website. This has damaged asylum-seekers’ trust in the Australian government and, according to Greens Senator Sarah Hanson-Young, potentially put lives at risk. Such incidents represent significant breaches of local regulations and can result in heavy penalties.
Recent amendments to existing privacy laws in Australia and Hong Kong allow each country’s privacy commissioner to enforce significant penalties for repeated or serious data breaches. Countries like Japan and Taiwan, where new privacy laws have been passed and/or existing ones are being enforced more strictly, also assess penalties for noncompliance.
You must treat the protection of sensitive customer data as a core responsibility essential to your enterprise’s success. Help earn and retain customer trust by formulating a comprehensive strategy for complying with local privacy regulations that includes the following action items:
- Categorize and classify corporate data by the level of sensitivity to enable compliance. Although most organizations have an information classification policy, business and tech management leaders often overlook it or fail to enforce it. As a result, organizations can lose all sense of what data they have. Users can duplicate and store sensitive data outside of authorized systems; the organization may fail to label personal data as such — and as a result retain and manipulate it unlawfully. Ensure compliance with regulatory requirements by reviewing your policies and data sets to categorize and classify your most precious information.
- Map the compliance requirements that apply where you operate. Many security leaders assume that the EU Data Protection Directive is the high-water mark and that as long as their organization’s processes largely comply with this standard, it will be compliant globally. Although there is some truth to this belief, such a solution neglects key aspects, such as local requirements around data breach notification, encryption, and cross-border transfer. Work with your CPO and legal counsel to identify the applicable laws and regulations. Reports such as Forrester’s Data Privacy Heat Map are good resources to use when starting your search.
Every organization must abide by various compliance requirements to protect individuals’ sensitive data; however, these laws and regulations exist because many organizations haven’t taken privacy seriously enough. Today, protecting your customers’ data should be one of your security team’s core responsibilities. Not only do these efforts help build and maintain the crucial element of customer trust, they ultimately help keep regulators from feeling that more oversight and intervention are warranted. The Forrester Research report, What You Must Know About Data Privacy Regulations In Asia Pacific, highlights key data privacy regulations from across the Asia Pacific region and provides best practices for staying on top of these evolving requirements.