Privacy is one of the biggest problems in this new electronic age. —Andrew Grove, Founder of Intel Corporation
What is your deepest, darkest secret? But really, what is it? Take a minute and think about something you would never, ever want anyone to know. It’s pretty embarrassing, right? Now, POOF! Imagine if that secret were available for anyone to see with a few clicks of a button.
Maybe that scenario seems fictitious. It’s not if you really think about it. Search engines accrue your search queries. The National Security Agency is doing mass data collection. Social media platforms and big data companies, such as Facebook and Google, sell the consumer data they collect on you and all of your social connections. The government is consistently loosening the reigns on the privacy rights of citizens. There is simply very little online privacy anymore. And no one seems to care—for two main reasons:
It takes too much time and effort to care about privacy. No one wants to read the long and boring text that is inside of any terms of agreement document. No one wants to have to re-enter their username and password every time they visit a website. No one wants to take the time to install pop-up blockers or pay to opt out of advertising on services we use or always have cash instead of paying with a credit card. Well maybe some people do, but they are a small minority. In short, it just makes life easier and daily tasks faster if we put our privacy on the back burner.
There is also a cost that people pay if they commit to privacy too strongly. Those who refuse to use social networks to protect their privacy will be at a disadvantage when it comes to being socially involved with their friends, family, and favourite brands, not to mention the disadvantage when it comes to finding work—think LinkedIn. Those who refuse to use credit cards will be at a disadvantage in earning cash back, getting free airline miles, or improving their credit score—and then there’s the problem of trying to buy or rent a car, house, or phone contract without a credit score. Additionally, there are the problems that come along with trying to protect your online identity with a virtual private network. Many websites and services refuse to provide service to individuals who are using these proxies. When it comes down to it, individuals who try to protect their privacy are punished.
But while data privacy might be inconvenient and costly, it does matter. And individuals, organisations, and governments around the world are beginning to let their voice be heard in regards to the privacy that they desire and demand:
The Cross-Border Privacy Rules is a system that has long been in place between Canada, the U.S., and Mexico. Because of popular demand, though, many Asia countries have begun to join the coalition. This agreement creates equitable regulations about how data should be treated and protected by companies when they are moving it from one country to another. The Federal Trade Commission is strictly upholding these regulations. In fact, Vir2us, SpyChatter, and Sentinel Labs were found guilty of violating the privacy agreements with partners in Asia. For each violation the companies committed, they can be fined over U.S. $40,000 per day in civil penalties.
There are multiple governments across Asia that are demanding that companies do a better job of protecting data. Both Singapore and Malaysia are leading the region in enacting data privacy laws that provide both enough flexibility to companies so that they can successfully and efficiently do business internationally, while also ensuring the maintenance of data integrity. To accomplish this effectively, the governments’ legislation requires that companies be held publicly responsible. So not only will there be a financial penalty if data regulations are broken, but board members’ reputations will be at stake, as they are required to be actively involved in decisions regarding risk management.
There are also the outside regulations that are forcing many Asian businesses’ hands. The European Union and likely other western countries in the future are mandating that if Asian companies want to do business in Europe or with Europeans, they must handle their data sensitively. These regulations will only take effect in the middle of 2018, but businesses in countries like Singapore are already getting nervous. A recent survey found that 92% of organisations fear the repercussions of non-compliance. And these repercussions include everything from a fine up to U.S. $21 million to job losses to brand reputation damage.
It is because of this demand for privacy that businesses will need to adapt to survive. They will need to be more careful with the data that they obtain from their customers. Many companies are already going to great lengths to prove to consumers that customer data privacy is their highest priority:
In order to accomplish this privacy, several companies across Asia are beginning to employ new IT strategies. They are concentrating on issues like orphaned data—files that are left behind when employees leave, for example, need to be handled appropriately in order to enhance information governance. Then there is data loss. To prevent unauthorised users from getting their hands on data, businesses are developing processes and policies, as well as enforcing them. Additionally, as a final stop-gap solution specifically for the EU regulations, some companies are putting a block on European clients and customers until they can verify that their data governance policies are strong enough to protect the data in a necessary way.
This same sort of preparation is also going on in Japan. The government amended their Act on the Protection of Personal Information, and the deadline for compliance is fast approaching. Over 50% of businesses in Japan are upping their spending on compliance and other security measures. Because of newer technology and the deployment of sensitive data to the cloud, many companies are adding BYOK and encryption to their list of protections. Additionally, some companies are increasing their network security, data-at-rest security controls, as well as adding both tokenisation and advanced key management.
All of these measures to increase data privacy and security are more than necessary. Recent investigations have shown that Asian companies are at an increased risk of cyber threats. This combined with the fact that Asian companies are among the least prepared in the world to safeguard against cyber crime, put them at even greater risk. So while many companies in the region are investing more in their privacy and security, they are also investing in cyber insurance. This insurance is not only helpful in providing a financial cushion if an attack or security breach does occur, but the cyber insurance companies help the Asian organisations to identify their weak and unprotected areas.