Data Privacy in Asia- Looking Back At 2016

Looking back at 2016, it is apparent that the data privacy legislation in Asia has been very active. Though some jurisdictions elsewhere in the world have not yet grappled with data privacy issues, many jurisdictions in Asia have or are in the process of doing so. Amongst the more active jurisdictions in Asia from a data privacy perspective are Korea, Hong Kong, Malaysia, Japan, Singapore and India.  China and Thailand are not that active yet.Though they may have different data privacy regimes in Asia, their data privacy laws do have common elements that are worth discussing.  There are in fact, five common elements found in the various data protection laws of most Asian countries including Korea, Hong Kong, Singapore and India. They are:

1. Data Retention- Most laws require organizations to retain personal information for a certain period of time;
2. Data Integrity- Most laws require that organizations that collect personal data have to ensure their records are accurate;
3. Access - Most laws require that individuals have the right to access the information organizations have collected about themselves;
4. Security- All laws require that organizations that collect and use personal information must take reasonable efforts to protect the information; and
5. Choice- All privacy laws have a choice element whether it is opt-in, etc.

A review of the data privacy laws of Korea, Singapore, Hong Kong and other Asian countries , reveals that the approaches they take differs from each other as well as other regions in the world. For instance, some require organizations to appoint a data privacy officer (DPO) while others merely recommend it.  Some only allow cross border transfers of personal information to countries that have adequate levels of protection.  And, some countries, such as Korea place more emphasis on consent to legitimize the collection of personal information than other countries.

For companies doing business in Asia, it is important to understand the differences as well as similarities of the data protections laws of each country. This is now more true than ever as violations of these laws can result in  significant criminal and civil penalties and fines.  Enforcement of data protections laws vary by country , but in today’s environment, regulators are increasing their enforcement efforts and in fact are imposing more fines than in the past.

It behooves every organization doing business in Asia to have a look at its data privacy processes. Failure to comply with the various laws could result in fines as well as unwanted publicity resulting in a negative impact on the company’s brand or reputation. So, if your Risk Manager or your DPO hasn't looked at your data privacy policies with respect to Asian countries, I encourage them to do so..