The framework will support the authorization in Hong Kong of ‘virtual banks’, defined as banks which deliver retail banking services primarily, if not entirely, through the internet or other electronic channels … Continue Reading
On 11 January, 2018, the Hong Kong Monetary Authority (the “HKMA”) published its “Consultation Paper on Open API Framework for the Hong Kong Banking Sector” (the “Consultation Paper”). The Consultation Paper summarizes the approach the HKMA has taken to date in actioning the “Open API” initiative announced by HKMA Chief Executive Norman Chan on 29 September, 2017: one of seven … Continue Reading
On 19 May 2017, the Cyberspace Administration of China (the “CAC“) released a revised draft of its Security Assessment for Personal Information and Important Data Transmitted Outside of the People’s Republic of China Measures (the “Second Draft Export Review Measures“).
The draft emerged just over a week after public comments closed on the first draft of … Continue Reading
The Hong Kong Securities and Futures Commission (“SFC”) has issued a paper containing proposals to introduce cyber security guidelines under the Securities and Futures Ordinance (the “SFO”) applicable to internet brokers (the “Cyber Security Consultation Paper”). Comments are open through 7 July 2017.
The Cyber Security Consultation Paper reflects a sharpening of focus by the SFC on cyber security issues. … Continue Reading
On 11 April 2017 the Cyberspace Administration of China published a circular calling for comments on its draft Security Assessment for Personal Information and Important Data Transmitted Outside of the People’s Republic of China Measures (the Draft Export Review Measures). Public comments are open through 11 May 2017.
The main legislative purpose of the Draft Export Review Measures is to … Continue Reading
2016 was an eventful year in the Asia-Pacific region, as data protection and cyber security issues increasingly feature in the news headlines in the Asia-Pacific region as they do elsewhere, our annual publication, the 2017 Asia-Pacific Data Protection and Cyber Security Guide provides you with an update on key regulatory developments and emerging trends in data protection and cyber security.… Continue Reading
On 4 February 2017, the Cyberspace Administration of China issued a draft of the Network Products and Services Security Review Measures (“Draft Measures”) for public comment: the Draft Measures remain open for comments until 4 March 2017. The Draft Measures are follow-on legislation to China’s Cyber Security Law adopted on 7 November 2016, which will take effect on 1 June … Continue Reading
On 4 February 2017, the Cyberspace Administration of China issued a draft of the Network Products and Services Security Review Measures (“Draft Measures“) for public comment: the Draft Measures remain open for comments until 4 March 2017. The Draft Measures are follow-on legislation to China’s Cyber Security Law adopted on 7 November 2016, which will take effect from … Continue Reading
On 11 November, 2016, Hong Kong’s Applied Science and Technology Research Institute (“ASTRI“) published its “Whitepaper On Distributed Ledger Technology” (the “DLT Whitepaper“), a substantial research exercise commissioned by the Hong Kong Monetary Authority (the “HKMA“).
The DLT Whitepaper is a useful and well-informed introduction to blockchain, or distributed ledger technology (“DLT“), … Continue Reading
China’s Cyber Security Law, which will take effect from 1 June, 2017 was adopted on 7 November. The third draft of the law adopted by the Standing Committee of the National People’s Congress, China’s highest legislative authority, contained few changes from the second draft put forward for comment in July, 2016 (see our briefing). The net result is continued … Continue Reading
The law on the notification of data breaches in Australia looks set to change. The Privacy Act 1988 does not currently require companies that suffer a data breach to notify the Australian Information Commissioner (“Commissioner“) or affected individuals. While organisations are encouraged to do so by the Commissioner’s Data Breach Notification Guide (2014), and in practice many … Continue Reading
The Philippines’ first comprehensive data protection law, the Data Privacy Act of 2012 (the “Act“), took effect on 8 September 2012. The Act mandated the creation of a National Privacy Commission (“NPC“) to implement, enforce and monitor compliance with the Act, with one of its duties to promulgate rules and regulations … Continue Reading
On June 21, 2016, the State Council issued the Guiding Opinions on Promoting and Regulating the Development of the Application of Healthcare Big Data (“Guiding Opinions“). The Guiding Opinions declare that healthcare big data is a fundamental, strategic national resource; recognize that its development will have a significant impact on healthcare and medical treatment; and formulate programmatic plans … Continue Reading
On 6 July 2016, a second draft of the People’s Republic of China Cyber Security Law was released to the public for comment following its second reading by the Standing Committee of the National People’s Congress. The deadline for submitting comments on the second draft is 4 August 2016.
Given the growing cyber threat globally, the Chinese move towards more … Continue Reading
Anticipating a new phase of development across the region we are delighted to share our latest briefing discussing the key trends and issues.
On 25 March 2016, the Chinese Ministry of Industry and Information Technology (the “MIIT“) issued Draft Rules on the Administration of Internet Domain Names (“Draft“) and issued a call for comments. The Draft has raised serious concerns among the public and the international media. In this article we summarize the key changes in the Draft, and … Continue Reading
China’s online payment market is growing at breakneck speed. In the first three quarters of 2015, the total volume of online transactions processed by payment institutions exceeded RMB 56 billion, and the monetary value of transactions reached close to RMB 3.3 trillion.
But these impressive figures have come with significant “growing pains” in the industry, as the quality of some … Continue Reading
On 26 January, Hong Kong’s Privacy Commissioner for Personal Data (Commissioner) published his annual report on 2015 complaints and enforcement activity under the Personal Data (Privacy) Ordinance (PDPO).
The report reveals that 871,000 Hong Kong individuals were affected by data breaches in 2015, compared with 47,000 in 2014. The 98 incidents reported to the Commissioner last year (an increase from … Continue Reading
On 27 December 2015, China’s National People’s Congress passed the nation’s first comprehensive law on terrorism, the People’s Republic of China Counter-Terrorism Law, which took effect on 1 January 2016.
The Counter-Terrorism Law reflects some important developments that may give some comfort to observers that their voices are being heard, without by any means removing all the concerns.
In … Continue Reading
Personal data is an important aspect of most M&A transactions because almost all businesses store information about their employees and customers. For some deals, data is critical, and there is a trend among regulators on a global scale to increase sanctions over data privacy and security violations. There is also a risk that data protection violations may render a deal … Continue Reading
The letter comes just weeks after a 24 August letter by the Monetary Authority of Singapore (the “MAS”) warning Singaporean-regulated financial institutions of the importance of improving on their intrusion detection measures as … Continue Reading
We are seeing significant increase in the scale and complexity of outsourcing and technology procurement in the Asia region, as businesses look to modernise and build economies of scale into their regional operating platforms. Consolidation of platforms through regional outsourcing arrangements is often being pursued, not just to reduce costs, but also to gain competitive advantage. As regulation across the … Continue Reading
A recent appeal against an enforcement notice issued by the Privacy Commissioner for Personal Data of Hong Kong raised an interesting and highly controversial issue as to whether, and to what extent, individuals in Hong Kong have a “right to be forgotten” entitling them to deletion of personal data in the public domain.
This label of “right to be forgotten” … Continue Reading