Privacy laws around the world are playing a game of catch up as emerging technologies change the nature of information gathering, storage and processing in ways that were unimaginable just a few short years ago.
At the IAPP Summit, titled Privacy@Play and held in Sydney on 17 November 2014, leaders in privacy law-making from across the Asia Pacific region discussed some of the emerging issues and challenges.
The panel discussion, chaired by former Australian Privacy Commissioner and now Managing Director of consulting firm IIS Malcolm Crompton, brought together Katrine Evans, Assistant Commissioner at Office of the Privacy Commissioner in New Zealand, Hiroshi Miyashita, Associate Professor of Law from Chuo University in Tokyo, Allan Chiang, Privacy Commissioner for Personal Data in Hong Kong, Dr Zainel Abidin Sait, Deputy Director General for Personal Data Protection from Malaysia, Mr David Alfred, Chief Counsel for Personal Data Protection Commission from Singapore, and Australia's Privacy Commissioner Timothy Pilgrim.
Compton opened the discussion by asking Pilgrim for his thoughts on the latest developments in the area of privacy. He reiterated a couple of issues from his opening keynote, asking the conference delegates to find ways to improve privacy practices within their own organisations with a focus on dealing with the issues of the great growth of data.
"Organisations need to be aware of what they’ve got, what they're doing with it, who's going to get and the fact that you'll generally remain accountable for it. That's going to be a big issue in the future - accountability".
Evans noted that while New Zealand was not as far advanced with legislation, that was being addressed with obligations for mandatory breach notifications.
"The Privacy Commissioner will have greater compliance powers so they'll be able to issue an enforceable order," she explained. "We'll also have better cross-border protections".
One of the balances Evans said New Zealand was trying to achieve was to find ways to unlock and take advantage of the value massive volumes of data can deliver without compromising the privacy rights of individuals.
Malaysia, according to Sait, has just celebrated the first year of enforcement of its privacy laws. What stood out was that privacy was seen as an enabler.
"It's a process - process to generate prosperity among the people. The process is to create new culture. Protecting personal data is everybody's responsibility," he said.
The view from Singapore, espoused by Alfred, noted that their data protection laws are about two years old and that their commission was established last year. The enforcement regime became active this year but no breaches have yet been reported.
"What we did last year, and what we continue to do, is about outreach to individual organisations. Since the law is new, it's very much about education and encouraging the culture of respecting personal data and letting organisations understand how they can use data for their various purposes in a way that is valuable to them while protecting individual's personal data," he explained.
Miyashita raised the interesting point that culture is a very important element of privacy. He noted that Japanese culture was very community focussed and that personal privacy was viewed as a form of individualism. Service to public is considered more valuable than personal benefit, he said.
However, faced with technical changes that have arisen through the big data era, Miyashita noted that new laws were coming into effect that better define personal data.
"There was a big data scandal in July 2013. A railroad company sold four million customers' data to a data analytics company. The data was anonymous but there was a huge opposition and protest from the consumer'" he explained.
Although the data was made anonymous, data scientists in Japan made it clear that there was not 100% foolproof way of anonymising data.
Chiang joined the panel discussion via a video hook-up from his office in Hong Kong.
His focus over the last two years has been a project regarding the promotion of accountability in Hong Kong among major organisations. Having moved from three decades of working in the postal service, Chiang was surprised that when he moved the Privacy Commission that the focus was on legal compliance.
"It's not enough in protecting data privacy. The use of accountability, the use of privacy management profiles and programs in ensuring - we really can do privacy and data protection responsibly," he said.
"In service industry - customer is king. We really need to live up to the privacy expectation of the customer. That philosophy will change the way companies would treat the subject of privacy," he added.
This article is brought to you by Enex TestLab, content directors for CSO Australia.