As part of my ongoing research into data privacy laws in Asia Pacific (AP), I spoke with chief information security officers (CISOs), consultants, lawyers, and governance, risk, and compliance (GRC) professionals. This is critical to gauge key decision-makers’ awareness and understanding of the ever-evolving data privacy regulations and policies across 15 different jurisdictions in the region.
Some senior people have admitted to me that their organizations have not traditionally taken data privacy issues terribly seriously within their AP operations. However, in a clear sign that this is beginning to change, GRC practitioners are starting to see increased demand for their compliance-related services from both government and business sectors, particularly since late 2012. Regardless of where you stand on this spectrum, the reality is that the awareness levels of data-related regulations – and the level of compliance required to abide by these regulations – varies widely across the region.
This should not be particularly surprising. The concept of “privacy” or “right to privacy” is relatively new in large parts of the region, and legislative environments are highly fragmented among AP countries. With drastic economic changes and technology advancement under way, many AP governments have imposed sector-based data privacy and security measures, aiming to regulate telecommunication network infrastructure and banking systems in particular.
Below are some of the broader trends we’re seeing across the region: