Thought Leadership in Privacy

Privacy laws around the world are playing a game of catch up as emerging technologies change the nature of information gathering, storage and processing in ways that were unimaginable just a few short years ago.

At the IAPP Summit, titled Privacy@Play and held in Sydney on 17 November 2014, leaders in privacy law-making from across the Asia Pacific region discussed some of the emerging issues and challenges.

The panel discussion, chaired by former Australian Privacy Commissioner and now Managing Director of consulting firm IIS Malcolm Crompton, brought together Katrine Evans, Assistant Commissioner at Office of the Privacy Commissioner in New Zealand, Hiroshi Miyashita, Associate Professor of Law from Chuo University in Tokyo, Allan Chiang, Privacy Commissioner for Personal Data in Hong Kong, Dr Zainel Abidin Sait, Deputy Director General for Personal Data Protection from Malaysia, Mr David Alfred, Chief Counsel for Personal Data Protection Commission from Singapore, and Australia's Privacy Commissioner Timothy Pilgrim.


Compton opened the discussion by asking Pilgrim for his thoughts on the latest developments in the area of privacy. He reiterated a couple of issues from his opening keynote, asking the conference delegates to find ways to improve privacy practices within their own organisations with a focus on dealing with the issues of the great growth of data.

"Organisations need to be aware of what they’ve got, what they're doing with it, who's going to get and the fact that you'll generally remain accountable for it. That's going to be a big issue in the future - accountability".

New Zealand

Evans noted that while New Zealand was not as far advanced with legislation, that was being addressed with obligations for mandatory breach notifications.

"The Privacy Commissioner will have greater compliance powers so they'll be able to issue an enforceable order," she explained. "We'll also have better cross-border protections".

One of the balances Evans said New Zealand was trying to achieve was to find ways to unlock and take advantage of the value massive volumes of data can deliver without compromising the privacy rights of individuals.


Malaysia, according to Sait, has just celebrated the first year of enforcement of its privacy laws. What stood out was that privacy was seen as an enabler.

"It's a process - process to generate prosperity among the people. The process is to create new culture. Protecting personal data is everybody's responsibility," he said.

Read more: Hong Kong CIO shares biometrics deployment tips


The view from Singapore, espoused by Alfred, noted that their data protection laws are about two years old and that their commission was established last year. The enforcement regime became active this year but no breaches have yet been reported.

"What we did last year, and what we continue to do, is about outreach to individual organisations. Since the law is new, it's very much about education and encouraging the culture of respecting personal data and letting organisations understand how they can use data for their various purposes in a way that is valuable to them while protecting individual's personal data," he explained.


Miyashita raised the interesting point that culture is a very important element of privacy. He noted that Japanese culture was very community focussed and that personal privacy was viewed as a form of individualism. Service to public is considered more valuable than personal benefit, he said.

However, faced with technical changes that have arisen through the big data era, Miyashita noted that new laws were coming into effect that better define personal data.

"There was a big data scandal in July 2013. A railroad company sold four million customers' data to a data analytics company. The data was anonymous but there was a huge opposition and protest from the consumer'" he explained.

Although the data was made anonymous, data scientists in Japan made it clear that there was not 100% foolproof way of anonymising data.

Read more: G20 targeted as malware authors hone in on Tibet activists

Hong Kong

Chiang joined the panel discussion via a video hook-up from his office in Hong Kong.

His focus over the last two years has been a project regarding the promotion of accountability in Hong Kong among major organisations. Having moved from three decades of working in the postal service, Chiang was surprised that when he moved the Privacy Commission that the focus was on legal compliance.

"It's not enough in protecting data privacy. The use of accountability, the use of privacy management profiles and programs in ensuring - we really can do privacy and data protection responsibly," he said.

"In service industry - customer is king. We really need to live up to the privacy expectation of the customer. That philosophy will change the way companies would treat the subject of privacy," he added.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags leadershipprivacy at playNew ZealanddataIAPP SummitHong Kongprivacy commissioneraccountabilityAllan ChiangprivacyComputingEnex TestLabMalaysiaAustraliaprivacy lawsleaderCSO Australiamanaging directorSingapor

More about CounselCSOEnex TestLab

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place