INTERNET GOVERNANCE
CYBERSECURITY, PRIVACY AND DATA PROTECTION
PROFESSOR ABU BAKAR MUNIR FACULTY OF LAW UNIVERSITY OF MALAYA MALAYSIA
2nd ASIA PACIFIC REGIONAL INTERNET GOVERNANCE 17 JUNE 2011 SUNTEC SINGAPORE
Regulators pressure banks after Citi data breach (Reuters) - Major U.S. banks came under growing pressure from banking regulators to improve the security of customer accounts after Citigroup Inc became the latest high-profile victim of a cyber attack.
• Cybersecurity is one of the risks that the world will have to face in the next ten years • CEO of Sony Corporation
“Cybercrime is not a brave new world - It’s a bad new world”
Privacy & Data Protection
• • • • •
The right to be left alone Informational privacy Bodily privacy Privacy of communications Territorial privacy
Informational Privacy and Data Protection
Informational Privacy The rights of an individual to have control over his personal information
Informational Privacy = Personal Data Protection
7
International Instruments
OECD Guidelines 1980 Council of Europe Convention 1981 European Directive 1995 APEC Privacy Framework 2004 Madrid Resolution 2009
National Approaches
Comprehensive Legislation Legislation + Self-Regulatory Self–Regulatory Doing Nothing
Comprehensive Legislation
All EU countries, including the 10 new member states (Cyprus, Czech Republic, Estonia, Hungary, Latvia, Lithuania, Malta, Poland, Slovakia and Slovenia)
Japan, Korea, New Zealand, Australia, Hong Kong, Macao, Taiwan, Thailand, Philippines
Chile, Argentina, Brazil, Mexico
In Middle East, only Israel
Indonesia and China are working on a comprehensive data protection law. 10
Legislation + Self-Regulatory USA – Privacy Act 1974 + 12 federal sectoral based legislation + State Laws + Safe Harbour
Self-Regulatory Singapore - does not work, now in the process of developing a data protection law 11
Doing Nothing so far
Brunei Vietnam Laos Cambodia Many more
12
Some Developments in Asia
Macao enacted her Personal Data Protection Act in 2006
China has came out with several drafts of the law, and the latest in 2007
India amended her Information Technology Act in December 2008. Some new provisions are added to protect privacy and personal data
Indonesia came out with a draft Bill in 2009
Thailand has developed a draft Bill in 2010
Taiwan amended her old law and passed a more comprehensive Personal Data Protection Act in April 2010
Malaysia has passed her Personal Data Protection Act in June 2010
Korea came out with a more comprehensive law in March 2011
The Philippines Congress is currently debating the bill to protect personal data
Australia and Hong Kong are reviewing their Privacy Act and Privacy Ordinance respectively
Singapore is currently developing ner law and is expected to be ready by 2012
In April 2011, the EU Working Party decided that the New Zealand Privacy Act is adequate
THE KEY FEATURES OF DATA PROTECTION
DATA PROTECTION PRINCIPLES
DATA SUBJECTS RIGHTS
EXEMPTIONS
ENFORCEMENT MECHANISMS
SANCTIONS
DATA BREACH NOTIFICATION? WHEN? WHO?
[email protected] profabm.blogspot.com +6012 2185242
