This article was was originally posted on telecomasia.net.
Companies across Asia face increased scrutiny on data privacy and cybercrime as governments in the region react to the increased frequency and severity of cyber-attacks.
Governments are either strengthening existing laws or creating new ones in response to the growing threat, Marsh said today in a new report Cybercrime in Asia: A Changing Regulatory Environment.
To minimize their exposure to potential regulatory action, the report recommends that companies with single or multinational operations in Asia closely monitor this changing landscape. As well as new regulation, governments have stepped up enforcement, increasing risk exposures for companies which are the subject of a cyber-attack, misuse or mishandle customer data.
“Governments are extremely focused on data privacy and cybercrime regulation and enforcement, as citizens demand better legal protection and recourse for the misuse or mishandling of personal data by companies,” said Stella Tse, leader of Marsh’s Financial and Professional Practice in Asia. “While the new and strengthened regulations impose tougher penalties for breaches, they differ in some areas, such as whether disclosure is mandatory following a breach.”
“Given the complexity and diversity of regulations across the region, companies must adopt a country-by-country approach when assessing their data privacy and cyber liability risk in Asia, and look at ways to manage and transfer data privacy breach and cyber risk that can respond to these evolving regulatory frameworks,” Ms Tse added.
Examples of new, strengthened, or amendments to existing laws in Asia, include:
- Singapore’s Personal Data Protection Act (PDPA), which came into full effect on 2 July 2014, that includes rules on the collection, use, disclosure, and care of personal data, penalties for breaches, and the establishment of a “Do Not Call” register.
- The Philippines’ enactment in 2012 of the Cybercrime Prevention Act, which criminalizes online libel and slander, and the Data Privacy Act.
- South Korea’s implementation of the Personal Information Protection Act in September 2011, considered among the toughest in Asia.
- India’s introduction of the Reasonable Security Practices and Procedures and the Sensitive Personal Data, or Information Amendment, to the Information Technology Act in 2011.
- Taiwan’s Computer-Processed Personal Data Protection Law was amended and renamed the Personal Information Protection Act (PIPA) in 2010, and came into full effect in October 2012.
In addition, China, Indonesia, Japan, Thailand, and Vietnam are currently either reviewing legislation, have draft bills before parliament, or have set up separate government agencies and taskforces to deal with cybercrime.