The document provides results from the inaugural TRPC Data Protection Index 2020, which assessed data protection laws and regulations of 30 economies based on the ASEAN Framework on Personal Data Protection. Japan ranked first with the strongest data protection according to the assessment questions. The results are shown in a table with each economy's scores on 12 questions relating to having a data protection law, oversight authority, consent requirements, accuracy of data, security safeguards, access and correction rights, overseas transfer rules, data retention limits, and accountability measures. Most economies scored well except for Vietnam, China, and Indonesia which were ranked lower due to gaps in their data protection frameworks.
Commissioned by Salesforce, this report is the second edition of the Cross-Border Data Flows Index (CBDFI) which was first presented in 2019. The Index quantifies and evaluates eight regulatory dimensions that serve to either restrict or enhance the volume and variety of cross-border data flows for G20 economies. For this 2021 edition of the report, Singapore has been added to the original economies covered. It has created a conducive policy and regulatory environment for the development of its digital economy. Experiences from Singapore can be leveraged to enable the seamless flow of data across borders.
The report recommends long-term measures to build trust and confidence as well as short-term initiatives that will deliver immediate results in offering clarity on data transfer mechanisms.
Regulating for a Digital Economy: Understanding the Importance of Cross-Borde...accacloud
Cross-border data access, usage, and exchange are essential to economic growth in the digital age. Every sector—including manufacturing, services, agriculture, and retail—relies on data and on the global flow of that data. Whether directly, or by indirectly taking advantage of global-scale data infrastructure such as cloud computing, global connectivity has enabled cross-border economic activity, allowing individuals, startups, and small businesses to participate in global markets. However, while the economic and trade opportunity from connectivity and data flows are significant, governments are increasingly introducing measures which restrict data flows—data localization measures.
This report reviews the various mechanisms by which governments are attempting to manage their digital economy. It covers the issues of data localization and data residency, clarifies cross-border data flow restrictions by developing a typology of data localization mechanisms like privacy, cybersecurity, law enforcement, digital protectionism, and levelling the playing field for businesses.
Sponsored by the Asia Cloud Computing Association, this report was independently researched and published by the Brookings Institution and TRPC Pte Ltd.
For more information, visit us at http://www.asiacloudcomputing.org
The Impact of Data Sovereignty on Cloud Computing in Asia 2013 by the Asia Cl...accacloud
The Impact of Data Sovereignty on Cloud Computing offers detailed information describing the implications of data sovereignty law and policy on the adoption of cloud computing-based infrastructures and services in Asia. By describing and analyzing data sovereignty regulations in 14 countries in this study, the Association identifies potential bottlenecks that could slow adoption and threaten Asia’s digital future.
The study serves to identify the gaps between an “ideal state” and the actual realities in Asian countries around policy, legal and commercial cloud drivers to provide a tool for businesses organizations, cloud service providers and policy makers to look at cloud in a more holistic manner.
This report provides substantive detailed analysis for each of the 14 countries, including 4-5 page detailed insights into the regulatory environment for data sovereignty in each country and recommendations for each country to bring attention to the highest priority issues that if addressed will bring the country closer to the “ideal state.”
For more information, visit http://www.asiacloudcomputing.org
2018 Cross-Border Data Flows: A Review of the Regulatory Enablers, Blockers, ...accacloud
Access to data represents a huge potential in terms of potential economic growth and social enablement opportunities. It is not surprising then, that many governments are setting forth ‘digital economy’ agendas, including policy and regulatory frameworks, to ensure they maximize participation and opportunity. However, such a cross-cutting agenda is not without its challenges. Regulations put in place to enable or protect one part of the economy can damage growth in neighboring sectors or industries, often unintentionally. This research report takes an investigative look at the way five Asian economies—India, Indonesia, Japan, the Philippines, and Vietnam—are aggressively transitioning to more digitally enabled economies.
For more information, visit http://www.asiacloudcomputing.org
Report on Cloud Data Regulations 2014: A contribution on how to reduce the co...accacloud
The purpose of this paper is to contribute to, and help drive the formation of, policies concerning cloud computing in Asia. The paper addresses the increasing complexities surrounding the transfer of data between jurisdictions, and the problems this poses for operators, such as carriers, remittance service providers, social networks, Internet and e-commerce companies, offering legitimate cross-border data transfer services.
This paper builds on original research developed by the ACCA in 2013 as part of a broader and ongoing study on Data Sovereignty throughout the Asia Pacific. It argues that law makers and regulators should balance their efforts to protect personal data privacy and data in key sectors, such as banking and health services, with solutions that facilitate and therefore lower the cost of data transfers under all reasonable circumstances.
For more information, visit us at asiacloudcomputing.org
Asia's Financial Services on the Cloud 2018: Regulatory Landscape Impacting t...accacloud
Regulations play a crucial role in enabling or limiting cloud adoption by financial services institutions in Asia. This report provides an update on regulatory landscapes across nine Asia markets. It finds that while some regulators are clarifying outsourcing rules to help firms comply, restrictions still exist. The report recommends regulators break down barriers by having technology-neutral rules, clearer processes for cloud adoption, and distinguishing critical vs non-critical services. This would help firms benefit from cloud computing's efficiencies while managing risks.
SMEs in Asia Pacific: The Market for Cloud Computing - Case Studies of 14 mar...accacloud
Small and medium-sized enterprises represent well over 90% of all businesses in Asia, and across the 14 markets under review they employ some 1.02 billion people and contribute around $10.9 trillion directly into the economies in which are based (49.1% of total GDP for the region.) They also spend significantly as a group on ICT.
Cloud computing – and cloud computing technology – has the potential to be the ‘great leveller’ for both SMEs and developing economies. This is because cloud offers the prospect of both the access to enterprise grade tools on a pay-per-use basis making them immediately accessible and affordable, and the ability to scale up and down such access as required (elasticity of use). In other words, upfront capex requirements go down substantially.
What are their challenges to using cloud? How can this technology be made more available to SMEs, so that they can harness its power for digital transformation? This report reviews 14 markets' SME industry, and establishes market size, characteristics, and identifies industries most likely to undergo digital transformation.
For more information, visit http://www.asiacloudcomputing.org
Transforming Hong Kong into a smart city: The economic opportunity of digital...FairTechInstitute
This study, conducted by AlphaBeta and commissioned by Google, examines the economic significance of digital technologies and skills in Hong Kong. This study finds that, if leveraged fully, digital technologies could create an annual economic value of HKD387 billion (USD 50 billion) by 2030. In addition, if it were to accelerate the pace of its digital skilling efforts over the next decade, workers with digital skills can contribute up to a fifth (21 percent) of Hong Kong’s gross domestic product (GDP) in 2030.
Commissioned by Salesforce, this report is the second edition of the Cross-Border Data Flows Index (CBDFI) which was first presented in 2019. The Index quantifies and evaluates eight regulatory dimensions that serve to either restrict or enhance the volume and variety of cross-border data flows for G20 economies. For this 2021 edition of the report, Singapore has been added to the original economies covered. It has created a conducive policy and regulatory environment for the development of its digital economy. Experiences from Singapore can be leveraged to enable the seamless flow of data across borders.
The report recommends long-term measures to build trust and confidence as well as short-term initiatives that will deliver immediate results in offering clarity on data transfer mechanisms.
Regulating for a Digital Economy: Understanding the Importance of Cross-Borde...accacloud
Cross-border data access, usage, and exchange are essential to economic growth in the digital age. Every sector—including manufacturing, services, agriculture, and retail—relies on data and on the global flow of that data. Whether directly, or by indirectly taking advantage of global-scale data infrastructure such as cloud computing, global connectivity has enabled cross-border economic activity, allowing individuals, startups, and small businesses to participate in global markets. However, while the economic and trade opportunity from connectivity and data flows are significant, governments are increasingly introducing measures which restrict data flows—data localization measures.
This report reviews the various mechanisms by which governments are attempting to manage their digital economy. It covers the issues of data localization and data residency, clarifies cross-border data flow restrictions by developing a typology of data localization mechanisms like privacy, cybersecurity, law enforcement, digital protectionism, and levelling the playing field for businesses.
Sponsored by the Asia Cloud Computing Association, this report was independently researched and published by the Brookings Institution and TRPC Pte Ltd.
For more information, visit us at http://www.asiacloudcomputing.org
The Impact of Data Sovereignty on Cloud Computing in Asia 2013 by the Asia Cl...accacloud
The Impact of Data Sovereignty on Cloud Computing offers detailed information describing the implications of data sovereignty law and policy on the adoption of cloud computing-based infrastructures and services in Asia. By describing and analyzing data sovereignty regulations in 14 countries in this study, the Association identifies potential bottlenecks that could slow adoption and threaten Asia’s digital future.
The study serves to identify the gaps between an “ideal state” and the actual realities in Asian countries around policy, legal and commercial cloud drivers to provide a tool for businesses organizations, cloud service providers and policy makers to look at cloud in a more holistic manner.
This report provides substantive detailed analysis for each of the 14 countries, including 4-5 page detailed insights into the regulatory environment for data sovereignty in each country and recommendations for each country to bring attention to the highest priority issues that if addressed will bring the country closer to the “ideal state.”
For more information, visit http://www.asiacloudcomputing.org
2018 Cross-Border Data Flows: A Review of the Regulatory Enablers, Blockers, ...accacloud
Access to data represents a huge potential in terms of potential economic growth and social enablement opportunities. It is not surprising then, that many governments are setting forth ‘digital economy’ agendas, including policy and regulatory frameworks, to ensure they maximize participation and opportunity. However, such a cross-cutting agenda is not without its challenges. Regulations put in place to enable or protect one part of the economy can damage growth in neighboring sectors or industries, often unintentionally. This research report takes an investigative look at the way five Asian economies—India, Indonesia, Japan, the Philippines, and Vietnam—are aggressively transitioning to more digitally enabled economies.
For more information, visit http://www.asiacloudcomputing.org
Report on Cloud Data Regulations 2014: A contribution on how to reduce the co...accacloud
The purpose of this paper is to contribute to, and help drive the formation of, policies concerning cloud computing in Asia. The paper addresses the increasing complexities surrounding the transfer of data between jurisdictions, and the problems this poses for operators, such as carriers, remittance service providers, social networks, Internet and e-commerce companies, offering legitimate cross-border data transfer services.
This paper builds on original research developed by the ACCA in 2013 as part of a broader and ongoing study on Data Sovereignty throughout the Asia Pacific. It argues that law makers and regulators should balance their efforts to protect personal data privacy and data in key sectors, such as banking and health services, with solutions that facilitate and therefore lower the cost of data transfers under all reasonable circumstances.
For more information, visit us at asiacloudcomputing.org
Asia's Financial Services on the Cloud 2018: Regulatory Landscape Impacting t...accacloud
Regulations play a crucial role in enabling or limiting cloud adoption by financial services institutions in Asia. This report provides an update on regulatory landscapes across nine Asia markets. It finds that while some regulators are clarifying outsourcing rules to help firms comply, restrictions still exist. The report recommends regulators break down barriers by having technology-neutral rules, clearer processes for cloud adoption, and distinguishing critical vs non-critical services. This would help firms benefit from cloud computing's efficiencies while managing risks.
SMEs in Asia Pacific: The Market for Cloud Computing - Case Studies of 14 mar...accacloud
Small and medium-sized enterprises represent well over 90% of all businesses in Asia, and across the 14 markets under review they employ some 1.02 billion people and contribute around $10.9 trillion directly into the economies in which are based (49.1% of total GDP for the region.) They also spend significantly as a group on ICT.
Cloud computing – and cloud computing technology – has the potential to be the ‘great leveller’ for both SMEs and developing economies. This is because cloud offers the prospect of both the access to enterprise grade tools on a pay-per-use basis making them immediately accessible and affordable, and the ability to scale up and down such access as required (elasticity of use). In other words, upfront capex requirements go down substantially.
What are their challenges to using cloud? How can this technology be made more available to SMEs, so that they can harness its power for digital transformation? This report reviews 14 markets' SME industry, and establishes market size, characteristics, and identifies industries most likely to undergo digital transformation.
For more information, visit http://www.asiacloudcomputing.org
Transforming Hong Kong into a smart city: The economic opportunity of digital...FairTechInstitute
This study, conducted by AlphaBeta and commissioned by Google, examines the economic significance of digital technologies and skills in Hong Kong. This study finds that, if leveraged fully, digital technologies could create an annual economic value of HKD387 billion (USD 50 billion) by 2030. In addition, if it were to accelerate the pace of its digital skilling efforts over the next decade, workers with digital skills can contribute up to a fifth (21 percent) of Hong Kong’s gross domestic product (GDP) in 2030.
Intermodal Transport Data Sharing Programme (Sep 2021)FairTechInstitute
This was a year-long project conducted in Hong Kong to support evidence-based policymaking, supporting good data governance, green smart cities, and strong data security and protection. The project developed a Proof-of-Concept to demonstrate a trusted data sharing mechanism - Data Trust 1.0 - could be implemented to allow transport operators and service providers to share limited amounts of data for the purposes of limited-scope, mode-specific research e.g. research which asks "how many people cycle to work between 8-9am?"
While this research was conducted for transport operators, the Data Trust 1.0 model is applicable across all sectors. Funding was provided by the Hong Kong Innovation and Technology Commission, and supported generously by sponsors Daimler, MTR, Thales, and Via.
From Vision to Procurement: Principles for Adopting Cloud Computing in the Pu...accacloud
Cloud computing is a scalable, cost-efficient and highly-secure solution to help the public sector transform their services and drive efficiencies. However, to effectively enable public sector cloud procurement, discussions need to advance beyond just cost and security. Appropriate procurement processes that provide clear guidance on how cloud can be procured are also critical.
This paper outlines seven principles distilled from conversations with government procurement officers, policymakers, and auditors where they have told the ACCA and its members what the essential elements are to enabling adoption of technology solutions in the public sector. The ACCA is delighted to present this white paper to help demystify cloud solutions and provide necessary guidance to procurement policymakers and public sector agencies that are evaluating cloud services.
For more information, visit us at http://www.asiacloudcomputing.org
2015 Asia's Financial Services: Ready for the Cloud - A Report on FSI Regulat...accacloud
The ACCA developed this report with the primary purpose of equipping CSPs with an understanding of the current regulatory landscape in APAC, and their FSI customers’ key regulatory challenges to adopting Cloud Services. This report aims to help CSPs to develop and provide solutions to these challenges. In particular, this report:
1. provides CSPs with a database of issues and possible solutions to discuss with their FSI customers;
2. provides CSPs with recommendations as to how to comply with the current regulatory landscape; and
3. supports CSPs in their engagement with relevant governments and Regulators.
This report may also be used by Regulators and FSIs to understand the current regulatory landscape in APAC and the key opportunities and challenges to adopting Cloud Services.
For more information, visit us at http://www.asiacloudcomputing.org
2011-2012 Cloud Assessment Tool (CAT) White Paperaccacloud
The Cloud Assessment Tool (CAT) was developed by the Asia Cloud Computing Association (ACCA). It was refined through extensive and in-depth discussions over a period of 2 years between members of the WG and by looking at relevant cloud and IT specifications.
The CAT defines the requirements placed on IaaS/PaaS solution providers to support stringent cloud applications. However, that perspective was subsequently extended to cover all application requirements. As such, its final realization has broad applicability.
For more information, visit http://www.asiacloudcomputing.org
Building Trust into eInvoicing: Key Requirements and StrategiesSafeNet
For years, the digitalization of assets has been underway, completely transforming entire
industries, from healthcare to music. In the same way, the move to digitalization has also
brought fundamental change to the way businesses manage invoices. By moving to electronic
invoicing, known as eInvoicing, organizations in a host of industries can realize a range of
benefi ts • Reduced costs. By eliminating the purchase of paper for invoice printing, reducing the
time and expense of physical invoice handling, reducing the space and expense of paperbased
fi le storage, and eliminating postage, organizations can realize direct, upfront cost
savings.
Hacktivists in Indonesia disrupted Malaysian websites in response to a misprinted flag by exploiting vulnerabilities in Malaysian web servers and replacing website content with protest messages. Ransomware like WCry and Petya have impacted organizations across Southeast Asia by leveraging vulnerabilities in outdated operating systems. Distributed denial of service (DDoS) attacks remain a frequent tactic used by threat actors to disrupt websites and draw attention to causes or hide other malicious activities.
E-commerce in Latin America: Maximising equitable growth and the potential of...FairTechInstitute
This white paper addresses the regional e-commerce landscape for Latin America. It sheds light on current trends and opportunities, looks at long-standing challenges and includes policy considerations that policymakers should address which would help the region maintain a balanced regulatory framework for online marketplaces.
The report was presented by Access Partnership during the online event, “E-commerce in Latin America: Maximising equitable growth and the potential of retail post-Covid-19”, which took place on 10 December 2021.
Towards Better Patient Outcomes and Staying Well: The Promise of Cloud Comput...accacloud
The healthcare industry is one which is often at the forefront of technology change. From hospital management to rural healthcare communities, from doctors and surgeons to pharmacists and lab technicians— there is often a tension between the urgent needs of the healthcare industry that compels rapid technology adoption, and a strict and heavily-regulated environment that defaults to caution when embracing new technology. Today, we see a healthcare industry that is moving towards the new paradigm of cloud computing with increasing optimism and trust.
How can the healthcare industry best deploy cloud computing to achieve better patient outcomes? What are the current opportunities to start a digital transformation in a healthcare institution? Where are the opportunities for the healthcare industry to leverage cloud technology, and move towards an ideal of preventing disease whenever we can, for prevention is preferable to cure? What other prospects does cloud computing hold for the healthcare sector?
This report will answer these questions by demonstrating the different innovative uses and deployment of cloud computing in six healthcare sub-verticals. These case studies show how technology and the healthcare industry can strengthen patient outcomes, and together, work towards the goal of staying healthy and well.
For more information, visit us at http://www.asiacloudcomputing.org
Cloud Readiness Index 2016 by the Asia Cloud Computing Associationaccacloud
Asian countries top the new Cloud Readiness Index (CRI) 2016 released by the Asia Cloud Computing Association (ACCA). The CRI places Hong Kong, Singapore, New Zealand and Australia above markets such as Germany, the United Kingdom (UK) and the United States (US), showing that Asia economies are indeed leading the world in cloud readiness. This is also the first time that the 14-market Asia Pacific-focused study also includes a sample of six non-Asian markets for comparative analysis.
The Chinese government has set ambitious goals in its big data industry development to foster new economic drivers. One of these goals is e.g. to increase the annual sales of China’s big data industry (including related goods and services) to RMB 1 trillion by 2020 from an estimated RMB 280 billion in 2015. This report examines the Chinese big data industry and its innovators along with possible future opportunities and implications that China's expanding big data industry could entail for Finland.
Unlocking Pakistan's digital potential: The economic opportunities of digital...FairTechInstitute
There is a significant economic prize attached to accelerating Pakistan’s digital transformation. AlphaBeta’s study (commissioned by Google) finds that digital technologies can unlock PKR9.7 trillion (USD 59.7 billion) worth of annual economic value in Pakistan by 2030.
Key messages from the research include: there is a significant economic prize attached to accelerating Pakistan’s digital transformation; there are three areas of action required for Pakistan to fully capture its digital opportunity; and through its programmes and products, Google is making contributions to Pakistan’s digital transformation journey and supports benefits to businesses, consumers, and the broader society.
1. Cybercrime costs the Dutch economy around €10 billion annually, or 1.5% of GDP, through value lost.
2. The report estimates potential "worst case" losses from cyber risks, known as Cyber Value at Risk (VaR), and finds it is typically 8 times higher than expected losses for large Dutch organizations.
3. The sectors facing the highest cyber risks are identified as Technology & Electronics, Defense & Aerospace, Public, and Banking. Technology & Electronics and Defense & Aerospace face the highest Cyber VaR at around 17% of income.
The United States government is a major supporter of artificial intelligence (AI) research and development through agencies like DARPA, NSF, NIH, ONR, and IARPA. (1) Finland and the U.S. are projected to see the largest economic gains from AI through 2035 with each seeing 2% higher economic growth. (2) Many industries like manufacturing, professional services, retail, and healthcare are expected to see large increases in value added from AI. (3)
Cloud-Enabled Enterprise Transformation: Driving Agility, Innovation and GrowthCognizant
Whether used for process optimization or modernization, cloud solutions bring much-needed flexibility to enterprises struggling to stay ahead of changing markets.
Porticor - Can Data be safe in Public Clouds, in Compliance with Standardsgiladpn
This document discusses security issues with public clouds and whether data can be kept safe and compliant with standards in public clouds. It notes that while cloud providers strive to keep customer data secure, customers are ultimately responsible for securing their own data and applications. The document outlines responsibilities of both cloud providers and customers, and examines how traditional security concepts translate to public clouds alongside new considerations for security in cloud environments.
Cloud Readiness Index 2012 by the Asia Cloud Computing Associationaccacloud
The document is the Asia Cloud Computing Association's 2012 Cloud Readiness Index, which ranks Asian economies on their readiness for cloud computing. It summarizes the Index results, showing Japan, Korea, and Hong Kong as the top three. It also discusses changes from 2011, such as Singapore falling due to lower data privacy scores. The document outlines the methodology used to evaluate countries on various attributes like data privacy, broadband access, and data center risks that affect their ability to adopt cloud computing.
2015 How important is Cloud Computing for building Crowd Networks? Crowdsourc...accacloud
The document discusses the relationship between cloud computing and crowd networks. It examines several crowd-based businesses and how they utilize cloud technologies. While crowd funding can utilize cloud computing, it is not necessarily critical. Crowd sourcing businesses that manage a large number of varying projects and suppliers benefit most from cloud computing, as it provides elastic resources and on-demand scaling. Fully integrating cloud technologies with crowd sourcing enables new crowd-based business models and will play a major role in future innovation.
IoT Implementation Technology Regulation and Business Perspective.pptxSatriyo Dharmanto
General Lecture at University of Pelita Harapan (UPH) Indonesia. Talk about IoT Implementations Technology, Regulation and Business Model Perspectives. Use Case at Kupang East Nusa Tenggara Indonesia
ISACA Journal Data Protection Act (UK) and GAPP AlignmentMohammed J. Khan
This document discusses aligning data privacy frameworks between different jurisdictions. It summarizes the UK Data Protection Act of 1998 and the American Institute of Certified Public Accountants' Generally Accepted Privacy Principles. It then provides an example of how to map the 8 principles of the UK Data Protection Act to the 10 principles outlined in the Generally Accepted Privacy Principles, to help global companies comply with regulations in both the US and UK. This mapping establishes a baseline for assessing a company's current privacy compliance capabilities.
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
Intermodal Transport Data Sharing Programme (Sep 2021)FairTechInstitute
This was a year-long project conducted in Hong Kong to support evidence-based policymaking, supporting good data governance, green smart cities, and strong data security and protection. The project developed a Proof-of-Concept to demonstrate a trusted data sharing mechanism - Data Trust 1.0 - could be implemented to allow transport operators and service providers to share limited amounts of data for the purposes of limited-scope, mode-specific research e.g. research which asks "how many people cycle to work between 8-9am?"
While this research was conducted for transport operators, the Data Trust 1.0 model is applicable across all sectors. Funding was provided by the Hong Kong Innovation and Technology Commission, and supported generously by sponsors Daimler, MTR, Thales, and Via.
From Vision to Procurement: Principles for Adopting Cloud Computing in the Pu...accacloud
Cloud computing is a scalable, cost-efficient and highly-secure solution to help the public sector transform their services and drive efficiencies. However, to effectively enable public sector cloud procurement, discussions need to advance beyond just cost and security. Appropriate procurement processes that provide clear guidance on how cloud can be procured are also critical.
This paper outlines seven principles distilled from conversations with government procurement officers, policymakers, and auditors where they have told the ACCA and its members what the essential elements are to enabling adoption of technology solutions in the public sector. The ACCA is delighted to present this white paper to help demystify cloud solutions and provide necessary guidance to procurement policymakers and public sector agencies that are evaluating cloud services.
For more information, visit us at http://www.asiacloudcomputing.org
2015 Asia's Financial Services: Ready for the Cloud - A Report on FSI Regulat...accacloud
The ACCA developed this report with the primary purpose of equipping CSPs with an understanding of the current regulatory landscape in APAC, and their FSI customers’ key regulatory challenges to adopting Cloud Services. This report aims to help CSPs to develop and provide solutions to these challenges. In particular, this report:
1. provides CSPs with a database of issues and possible solutions to discuss with their FSI customers;
2. provides CSPs with recommendations as to how to comply with the current regulatory landscape; and
3. supports CSPs in their engagement with relevant governments and Regulators.
This report may also be used by Regulators and FSIs to understand the current regulatory landscape in APAC and the key opportunities and challenges to adopting Cloud Services.
For more information, visit us at http://www.asiacloudcomputing.org
2011-2012 Cloud Assessment Tool (CAT) White Paperaccacloud
The Cloud Assessment Tool (CAT) was developed by the Asia Cloud Computing Association (ACCA). It was refined through extensive and in-depth discussions over a period of 2 years between members of the WG and by looking at relevant cloud and IT specifications.
The CAT defines the requirements placed on IaaS/PaaS solution providers to support stringent cloud applications. However, that perspective was subsequently extended to cover all application requirements. As such, its final realization has broad applicability.
For more information, visit http://www.asiacloudcomputing.org
Building Trust into eInvoicing: Key Requirements and StrategiesSafeNet
For years, the digitalization of assets has been underway, completely transforming entire
industries, from healthcare to music. In the same way, the move to digitalization has also
brought fundamental change to the way businesses manage invoices. By moving to electronic
invoicing, known as eInvoicing, organizations in a host of industries can realize a range of
benefi ts • Reduced costs. By eliminating the purchase of paper for invoice printing, reducing the
time and expense of physical invoice handling, reducing the space and expense of paperbased
fi le storage, and eliminating postage, organizations can realize direct, upfront cost
savings.
Hacktivists in Indonesia disrupted Malaysian websites in response to a misprinted flag by exploiting vulnerabilities in Malaysian web servers and replacing website content with protest messages. Ransomware like WCry and Petya have impacted organizations across Southeast Asia by leveraging vulnerabilities in outdated operating systems. Distributed denial of service (DDoS) attacks remain a frequent tactic used by threat actors to disrupt websites and draw attention to causes or hide other malicious activities.
E-commerce in Latin America: Maximising equitable growth and the potential of...FairTechInstitute
This white paper addresses the regional e-commerce landscape for Latin America. It sheds light on current trends and opportunities, looks at long-standing challenges and includes policy considerations that policymakers should address which would help the region maintain a balanced regulatory framework for online marketplaces.
The report was presented by Access Partnership during the online event, “E-commerce in Latin America: Maximising equitable growth and the potential of retail post-Covid-19”, which took place on 10 December 2021.
Towards Better Patient Outcomes and Staying Well: The Promise of Cloud Comput...accacloud
The healthcare industry is one which is often at the forefront of technology change. From hospital management to rural healthcare communities, from doctors and surgeons to pharmacists and lab technicians— there is often a tension between the urgent needs of the healthcare industry that compels rapid technology adoption, and a strict and heavily-regulated environment that defaults to caution when embracing new technology. Today, we see a healthcare industry that is moving towards the new paradigm of cloud computing with increasing optimism and trust.
How can the healthcare industry best deploy cloud computing to achieve better patient outcomes? What are the current opportunities to start a digital transformation in a healthcare institution? Where are the opportunities for the healthcare industry to leverage cloud technology, and move towards an ideal of preventing disease whenever we can, for prevention is preferable to cure? What other prospects does cloud computing hold for the healthcare sector?
This report will answer these questions by demonstrating the different innovative uses and deployment of cloud computing in six healthcare sub-verticals. These case studies show how technology and the healthcare industry can strengthen patient outcomes, and together, work towards the goal of staying healthy and well.
For more information, visit us at http://www.asiacloudcomputing.org
Cloud Readiness Index 2016 by the Asia Cloud Computing Associationaccacloud
Asian countries top the new Cloud Readiness Index (CRI) 2016 released by the Asia Cloud Computing Association (ACCA). The CRI places Hong Kong, Singapore, New Zealand and Australia above markets such as Germany, the United Kingdom (UK) and the United States (US), showing that Asia economies are indeed leading the world in cloud readiness. This is also the first time that the 14-market Asia Pacific-focused study also includes a sample of six non-Asian markets for comparative analysis.
The Chinese government has set ambitious goals in its big data industry development to foster new economic drivers. One of these goals is e.g. to increase the annual sales of China’s big data industry (including related goods and services) to RMB 1 trillion by 2020 from an estimated RMB 280 billion in 2015. This report examines the Chinese big data industry and its innovators along with possible future opportunities and implications that China's expanding big data industry could entail for Finland.
Unlocking Pakistan's digital potential: The economic opportunities of digital...FairTechInstitute
There is a significant economic prize attached to accelerating Pakistan’s digital transformation. AlphaBeta’s study (commissioned by Google) finds that digital technologies can unlock PKR9.7 trillion (USD 59.7 billion) worth of annual economic value in Pakistan by 2030.
Key messages from the research include: there is a significant economic prize attached to accelerating Pakistan’s digital transformation; there are three areas of action required for Pakistan to fully capture its digital opportunity; and through its programmes and products, Google is making contributions to Pakistan’s digital transformation journey and supports benefits to businesses, consumers, and the broader society.
1. Cybercrime costs the Dutch economy around €10 billion annually, or 1.5% of GDP, through value lost.
2. The report estimates potential "worst case" losses from cyber risks, known as Cyber Value at Risk (VaR), and finds it is typically 8 times higher than expected losses for large Dutch organizations.
3. The sectors facing the highest cyber risks are identified as Technology & Electronics, Defense & Aerospace, Public, and Banking. Technology & Electronics and Defense & Aerospace face the highest Cyber VaR at around 17% of income.
The United States government is a major supporter of artificial intelligence (AI) research and development through agencies like DARPA, NSF, NIH, ONR, and IARPA. (1) Finland and the U.S. are projected to see the largest economic gains from AI through 2035 with each seeing 2% higher economic growth. (2) Many industries like manufacturing, professional services, retail, and healthcare are expected to see large increases in value added from AI. (3)
Cloud-Enabled Enterprise Transformation: Driving Agility, Innovation and GrowthCognizant
Whether used for process optimization or modernization, cloud solutions bring much-needed flexibility to enterprises struggling to stay ahead of changing markets.
Porticor - Can Data be safe in Public Clouds, in Compliance with Standardsgiladpn
This document discusses security issues with public clouds and whether data can be kept safe and compliant with standards in public clouds. It notes that while cloud providers strive to keep customer data secure, customers are ultimately responsible for securing their own data and applications. The document outlines responsibilities of both cloud providers and customers, and examines how traditional security concepts translate to public clouds alongside new considerations for security in cloud environments.
Cloud Readiness Index 2012 by the Asia Cloud Computing Associationaccacloud
The document is the Asia Cloud Computing Association's 2012 Cloud Readiness Index, which ranks Asian economies on their readiness for cloud computing. It summarizes the Index results, showing Japan, Korea, and Hong Kong as the top three. It also discusses changes from 2011, such as Singapore falling due to lower data privacy scores. The document outlines the methodology used to evaluate countries on various attributes like data privacy, broadband access, and data center risks that affect their ability to adopt cloud computing.
2015 How important is Cloud Computing for building Crowd Networks? Crowdsourc...accacloud
The document discusses the relationship between cloud computing and crowd networks. It examines several crowd-based businesses and how they utilize cloud technologies. While crowd funding can utilize cloud computing, it is not necessarily critical. Crowd sourcing businesses that manage a large number of varying projects and suppliers benefit most from cloud computing, as it provides elastic resources and on-demand scaling. Fully integrating cloud technologies with crowd sourcing enables new crowd-based business models and will play a major role in future innovation.
IoT Implementation Technology Regulation and Business Perspective.pptxSatriyo Dharmanto
General Lecture at University of Pelita Harapan (UPH) Indonesia. Talk about IoT Implementations Technology, Regulation and Business Model Perspectives. Use Case at Kupang East Nusa Tenggara Indonesia
ISACA Journal Data Protection Act (UK) and GAPP AlignmentMohammed J. Khan
This document discusses aligning data privacy frameworks between different jurisdictions. It summarizes the UK Data Protection Act of 1998 and the American Institute of Certified Public Accountants' Generally Accepted Privacy Principles. It then provides an example of how to map the 8 principles of the UK Data Protection Act to the 10 principles outlined in the Generally Accepted Privacy Principles, to help global companies comply with regulations in both the US and UK. This mapping establishes a baseline for assessing a company's current privacy compliance capabilities.
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
Legal And Regulatory Dp Challenges For The Financial Services SectorMSpadea
The document summarizes key points from a presentation on legal and regulatory privacy challenges for the financial services sector. It discusses the EU Data Protection Directive and definitions of personal data. It also outlines current challenges such as international data transfers and incident response across jurisdictions. The presentation provides recommendations for demonstrating global compliance, including understanding applicable standards and prioritizing risks through tools like questionnaires.
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
In the shadow of the global pandemic and the associated economic downturn, organizations are focused on cost optimization, which often leads to impulsive decisions to deprioritize compliance with all nonrevenue programs.
Regulators have evolved to adapt with the notable increase in data subject complaints and are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine while Equifax agreed to pay a minimum of $575 million for its breach. The US Federal Trade Commission, the US Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories sued over the company’s failure to take “reasonable steps” to secure its sensitive personal data.
Privacy and data protection are enforced by a growing number of regulations around the world and people are actively demanding privacy protection — and legislators are reacting. More than 60 countries have introduced privacy laws in response to citizens’ cry for transparency and control. By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today, according to Gartner. There is a convergence of data privacy principles, standards and regulations on a common set of fundamental principles.
The opportunities to use data are growing exponentially, but so too are the business and financial risks as the number of data protection and privacy regulations grows internationally.
Join this webinar to learn more about:
- Trends in modern privacy regulations
- The impact on organizations to protect and use sensitive data
- Data privacy principles
- The impact of General Data Protection Regulation (GDPR) and data transfer between US and EU
- The evolving CCPA, the new PCI DSS version 4 and new international data privacy laws or regulations
- Data privacy best practices, use cases and how to control sensitive personal data throughout the data life cycle
1. The document discusses regulatory compliance in Colombia, noting seven things investors should know. It outlines obligations for companies regarding personal data protection, transparency, anti-bribery laws, money laundering prevention, and more.
2. Companies must comply with Colombia's personal data protection regime, which requires proper treatment of personal data, registration of databases, and implementation of a comprehensive personal data management program.
3. Additional regulatory requirements include anti-bribery laws for parent companies, transparency and ethics programs for some companies, and controls to prevent money laundering and terrorist financing.
The Rise of Data Ethics and Security - AIDI WebinarEryk Budi Pratama
The document discusses the rise of data ethics and security. It begins with an introduction of the speaker and their background. It then covers various topics related to data ethics including the data lifecycle, implementation of data ethics through vision, strategy, governance and more. Big data security is also discussed as it relates to data governance, challenges, and approaches to building a security program. Regulatory requirements and their impact on data scientists is covered as it relates to privacy. Techniques for privacy control like data masking and tokenization in ETL processes are presented.
An Overview of the Major Compliance RequirementsDoubleHorn
In this blog, we will explore some of the US government’s compliance standards that are helpful for many federal, state and local agencies while procuring technology and related services.
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
Recent surveys benchmarking the status of U.S. companies' efforts to meet the May 25 deadline for the EU Global Data Protection Regulation (GDPR) have revealed a startling lack of preparedness.
Companies not yet in compliance are likely to violate the directive if they don’t take immediate action, and fines can amount to 2-4 percent of a company’s annual gross revenue. Do you have the resources and information you need to comply?
View to learn:
--What GDPR means to your business
--Short, medium, and long-term actions you can take to protect regulated data and achieve compliance
--How you can streamline incident response and third-party risk management capabilities
--How to streamline the resources and technology needed to keep up with the evolving regulatory landscape
Don't fall behind on these compliance regulations. Take the steps needed to protect the data you collect.
How GDPR will change Personal Data Control and Affect EveryoneThomas Goubau
The proposed new EU data protection regime extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonisation of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover.
Implementing And Managing A Multinational Privacy ProgramMSpadea
1. The document summarizes the key steps taken by Barclays Wealth to implement a global privacy program for collecting, using, and transferring customer data internationally in compliance with regulations.
2. This included obtaining legal requirements for all jurisdictions, identifying data flows and uses, assessing gaps against legal standards, and developing remediation plans.
3. Senior management support, dedicated resources, and stakeholder involvement were needed to successfully implement the program and ensure ongoing privacy compliance as a business-as-usual process.
IAB Digital Advertising Guidance : special category data under the gdpr - 2020Fullstaak
What is special category data, how might it arise in digital advertising, and what are the restrictions on its processing under the GDPR?
As part of our work to address the ICO’s concerns about ad tech and real-time bidding, we have developed this guidance on special category data, to help companies understand their obligations, and how to comply with them in practice.
The guidance aims to help educate the digital advertising industry about:
What ‘special category data’ is, as defined in the GDPR (including how it may arise from the way in which other data is processed)
The legal provisions and requirements that apply to processing special category data
Factors to consider in reviewing whether there is a risk of special category data arising or being inadvertently processed as part of your activities, and how to minimise such risks
https://fullstaak.com/
Guide to-the-general-data-protection-regulationN N
The document provides a guide to the General Data Protection Regulation (GDPR), which takes effect in May 2018. It highlights several key changes and requirements of the new law, including: tightening the rules for consent; making the appointment of a data protection officer mandatory for some organizations; introducing mandatory privacy impact assessments and data breach notification; and expanding individuals' rights to access and delete their personal data. The guide is intended to help organizations assess their GDPR readiness and comply with the new requirements.
A Brave New World Of Data Protection. Ready? Counting down to GDPR. dan hyde
This document discusses the key requirements of the General Data Protection Regulation (GDPR) that will take effect in May 2018. It explains that GDPR will apply broadly to any company that handles personal data of Europeans, regardless of location. It outlines important concepts like data subjects, data controllers, and data processing. It also summarizes the core GDPR principles of lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; limited storage; integrity and confidentiality; and accountability. The document provides examples of lawful bases for processing personal data and notes that explicit consent is required for special categories of sensitive data.
How GDPR works : companies will be expected to be
fully compliant from 25 May 2018. The regulation
is intended to establish one single set of data
protection rules across Europe
The Evolution of Data Privacy: 3 Things You Need To ConsiderSymantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed
to update the current directive which was drafted in a time that was in technology terms, prehistoric. It’s time to evolve.
Importance of data information policy and regulation in the business
Lack of awareness of the potential risks related to data security and privacy incidents.
Lack of sincere efforts from organization in educating employees on data privacy and security issues.
No robust framework in place on sharing information in a cross-border situation and its implication
No effective policy for preventing the leaking or stealing of information
Privacy frameworks relying on individuals “notice and consent” are neither sustainable and nor desirable due to the burden they place on individuals
Customers are in dark on how their data is being stored and used by the organization. Likewise, they are not aware how their data is being interpreted by the businesses for competitive edge.
This document discusses how Oracle's MySQL Enterprise Edition security features can help organizations comply with requirements of the EU General Data Protection Regulation (GDPR). It provides an introduction to the GDPR, outlines its key security objectives and definitions of core actors. It then summarizes key GDPR data security requirements in categories of assessment, prevention and monitoring/detection. Finally, it maps specific MySQL Enterprise Edition security features to how they address GDPR requirements around data protection, encryption, access controls and auditing.
Paul Stephen - GDPR The Opportunity & Sitecore ToolSagittarius
Agency CEO, Paul, explores GDPR and the opportunity for brands and marketers as well as how those using Sitecore can tackle the regulation in Versions 8-9.
This document provides guidance for companies outside the EU on complying with the General Data Protection Regulation (GDPR). It discusses how the GDPR applies extraterritorially to non-EU companies that offer goods/services to or monitor EU citizens. It outlines key GDPR concepts like personal data, data controllers, processors, and consent requirements. It recommends companies inventory all data storage locations, review contracts, and assess if a Data Protection Officer is required. It also covers data breach notification timelines and potential fines for noncompliance.
Similar to The ASEAN Data Protection Index 2020 (20)
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
2. TRPC Data Protection Index 2020 | Page 2 of 14
Table of Contents
Table of Contents................................................................................................ 2
Introduction ....................................................................................................... 3
TRPC Data Protection Index 2020 (DPI 2020)......................................................... 4
ASEAN Framework on Personal Data Protection 2016: Principles of Personal Data
Protection ....................................................................................................... 4
Methodology and Assessment Questions ............................................................. 5
Results ........................................................................................................... 6
Observations ................................................................................................... 7
Market Briefs................................................................................................... 8
Appendix A: DPI 2020 Assessment Questions (with grading rubric)......................... 10
Appendix B: Data Protection Assessments and Indexes ......................................... 12
Appendix C: International/Regional Data Protection Frameworks and Mechanisms .... 13
3. TRPC Data Protection Index 2020 | Page 3 of 14
Introduction
Data protection continues to be a growing concern for policymakers and consumers in the
digital economy. As a result, many governments have put in place data protection
frameworks and laws, such as data privacy laws, or personal data protection and privacy
laws, in order to strengthen protection against the misuse and abuse of collected personal
information. Some examples include the Australia Privacy Act 19881
, the Brazilian General
Data Protection Law (LGPD), Federal Law no. 13,709/20182
, and the New Zealand Privacy
Act 1993.3
In addition, a number of international and regional frameworks have developed to manage
data protection,4
such as the European Union’s (EU) General Data Protection Regulation
(GDPR) 2018, the Asia Pacific Economic Cooperation’s (APEC) Cross-Border Privacy Rules
(CBPR) System 2011, and the Association of Southeast Asian Nations (ASEAN) Framework
on Personal Data Protection 2016.
There have been some attempts to assess and measure how each jurisdiction has fared in
strengthening their data protection regulations and laws. These include DLA Piper’s database
on the Data Protection Laws of the World,5
Forrester’s Global Heat Map of Privacy and Data
Protection,6
Commission Nationale de l'Informatique et des Libertés (CNIL) has published a
heatmap on data protection around the world, 7
BestVPN’s Privacy Index 8
, and
Comparitech’s Surveillance States Index.9
The existing body of data protection assessments and indexes make assumptions on what
a strong data protection regime comprises.10
For example, Forrester's Global Heat Map on
Privacy and Data Protection tracks "government surveillance" as it deems that this may
impact privacy. Comparitech assesses "visual surveillance", as well as "democratic
safeguards" such as freedom of speech in the country, and journalist protections. BestVPN
grades countries against the EIU's Democracy Index. CNIL's heatmap on data protection
around the world assesses countries according to adequacy with the EU GDPR.
These factors – evidence of free speech and democracy, or adequacy with the EU GDPR –
may not be universally accepted by countries as evidence for or against a strong data
protection regime.
The inaugural TRPC Data Protection Index 2020 (DPI 2020) is the first index to
establish an objective, data protection assessment mechanism. Based on the seven
Principles of Personal Data Protection in the ASEAN Framework on Personal Data Protection
2016, it poses 12 questions to assess an economy's data protection laws and regulatory
environment. Economies are then scored against these questions, to derive an overall score
that demonstrates if it has a strong data protection regulatory environment.
In this first iteration of the DPI, 30 economies have been scored. To enable policymakers to
conduct comparisons on a national and international level, these countries include all
economies represented in ASEAN (10 member states),11
APEC (21 member economies),12
and the G20 (20 member economies).13
1
https://www.oaic.gov.au/privacy/the-privacy-act/
2
https://www.lgpdbrasil.com.br/wp-content/uploads/2019/06/LGPD-english-version.pdf
3
http://www.legislation.govt.nz/act/public/1993/0028/latest/DLM296639.html
4
See Appendix C for more detail.
5
https://www.dlapiperdataprotection.com/
6
https://heatmap.forrestertools.com/
7
https://www.cnil.fr/en/data-protection-around-the-world
8
https://bestvpn.org/privacy-index/
9
https://www.comparitech.com/blog/vpn-privacy/surveillance-states/
10
See Appendix B for more detail.
11
https://asean.org/asean/asean-member-states/
12
https://www.apec.org/About-Us/About-APEC/Member-Economies
13
https://g20.org/en/about/Pages/Participants.aspx
4. TRPC Data Protection Index 2020 | Page 4 of 14
TRPC Data Protection Index 2020 (DPI 2020)
The DPI 2020 seven Principles of Personal Data Protection in the ASEAN Framework on Data
Protection 201614
to assess the level of data protection across various economies. This is
the first index to use the ASEAN Framework on Data Protection as a best practice guideline,
where the assessment of a positive data protection policy posture by a country would be
one which promotes the free flow of data across borders.
ASEAN Framework on Personal Data Protection 2016: Principles
of Personal Data Protection
The Association of Southeast Asian Nations (ASEAN) developed the Framework on Personal
Data Protection, released in 25 Nov 2016.15
The framework comprises seven Principles of
Personal Data Protection:
1. Consent, Notification and Purpose – (a) an organisation should not collect, use or
disclose personal data about an individual unless: (i) the individual has been notified of
and given consent to the purpose(s) of the collection, use or disclosure of his/her
personal data; or (ii) the collection, use or disclosure without notification or consent is
authorised or required under domestic laws and regulations, and (b) an organisation
may collect, use or disclose personal data about an individual only for purposes that a
reasonable person would consider appropriate in the circumstances.
2. Accuracy of Personal Data - the personal data should be accurate and complete to
the extent necessary for the purpose(s) for which the personal data is to be used or
disclosed.
3. Security Safeguards - the personal data should be appropriately protected against
loss and unauthorised access, collection, use, disclosure, copying, modification,
destruction or similar risks.
4. Access and Correction - upon request by an individual, an organisation should: (i)
provide the individual access to his/her personal data which is in the possession or
under the control of the organisation within a reasonable period of time; and (ii) correct
an error or omission in his personal data, unless domestic laws and regulations require
or authorise the organisation not to provide access or correct the personal data in the
particular circumstances.
5. Transfers to Another Country or Territory - before transferring personal data to
another country or territory, the organisation should either obtain the consent of the
individual for the overseas transfer or take reasonable steps to ensure that the receiving
organisation will protect the personal data consistently with these Principles.
6. Retention - an organisation should cease to retain documents containing personal data,
or remove the means by which the personal data can be associated with particular
individuals as soon as it is reasonable to assume that the retention is no longer
necessary for legal or business purposes.
7. Accountability – (a) an organisation should be accountable for complying with
measures which give effect to the Principles, and (b) an organisation should, on request,
provide clear and easily accessible information about its data protection policies and
practices with respect to personal data in its possession or under its control. An
organisation should also make available information on how to contact the organisation
about its data protection policies and practices.
14
https://asean.org/storage/2012/05/10-ASEAN-Framework-on-PDP.pdf
15
https://asean.org/storage/2012/05/10-ASEAN-Framework-on-PDP.pdf
5. TRPC Data Protection Index 2020 | Page 5 of 14
Methodology and Assessment Questions
The DPI 2020 assessment comprises 12 questions.16
It starts by establishing the existence
of a data protection law and a privacy enforcement authority (PEA), and follows with
questions that operationalise the seven ASEAN Principles of Data Protection into 12
questions and scored according from 6 (strong data protection) to 0 (no data protection).
The scoring also allows for some nuances; for instance where there are draft laws which
have yet to be passed, or where there is evidence that the data protection principle is
protected in another legislation or regulation which may not be in the data protection law.
The assessment concludes with two final questions on whether the economy’s is a participant
in the EU GDPR, APEC CBPR, or similar regional data protection framework.
The DPI 2020 questions are as follows:
1. Does the economy have a personal data protection law?
2. Does the economy have a privacy enforcement authority (PEA)?
3. [ASEAN Principle 1. Consent, Notification and Purpose] Does the personal data
protection law require that organisations obtain consent from individuals, and notify
them of the purposes of collection, use, and disclosure of their personal information by
the organization?
4. [ASEAN Principle 1. Consent, Notification and Purpose] Does the personal data
protection law have clear instructions on exemption circumstances by which consent
from individuals for the collection, use, and disclosure of their personal information, is
NOT required? E.g. where collection of personal information is authorised or required
under domestic laws and regulations?
5. [ASEAN Principle 2. Accuracy of Personal Data] Does the personal data protection
law require organisations to ensure that personal data be accurate and complete for the
extent necessary for the purpose(s) for which the personal data is to be used or
disclosed?
6. [ASEAN Principle 3. Security Safeguards] Does the personal data protection law
require that personal data be appropriately protected against loss and unauthorised
access, collection, use, disclosure, copying, modification, destruction or similar risks?
7. [ASEAN Principle 4. Access and Correction] Does the personal data protection law
require organisations to, upon request from individuals, provide the individual access to
his/her personal data which is in the possession or under the control of the organisation
within a reasonable period of time, and correct an error or omission in his personal data,
unless domestic laws and regulations require or authorise the organisation not to
provide access or correct the personal data in the particular circumstances?
8. [ASEAN Principle 5. Transfers to Another Country or Territory] Does the law
require that, before transferring personal data to another country or territory, the
organisation should obtain the consent of the individual for the overseas transfer?
9. [ASEAN Principle 6. Retention] Does the personal data protection law require that
an organisation cease to retain documents containing personal data, or remove the
means by which the personal data can be associated with particular individuals as soon
as it is reasonable to assume that the retention is no longer necessary for legal or
business purposes, or after a certain period of time (e.g. 5 yrs)?
10. [ASEAN Principle 7. Accountability] Does the personal data protection law require
an organisation to, on request, provide clear and easily accessible information, such as
how to contact the organisation, about its data protection policies and practices with
respect to personal data in its possession or under its control?
11. Is the economy a participant of the EU’s GDPR regime, or meets GDPR adequacy
requirements?
12. Is the economy a participant of the APEC CBPR or similar regional system (promoting
an accountability rather than an adequacy system)?
16
See Appendix A for full questionnaire and scoring mechanism.
6. TRPC Data Protection Index 2020 | Page 6 of 14
Results
The table below shows the ranks and scores across 30 economies.17
MARKET
Q1
Data
protection
(DP)
law?
Q2
Privacy
enforcement
authority
(PEA)?
Q3
Consent
required
for
collection,
use,
discloser
of
personal
info?
Q4
Does
DP
law
allow
for
exemptions?
Q5
Does
PD
law
require
data
to
be
accurate
and
complete
for
its
purpose
of
collection?
Q6
Does
PD
law
require
appropriate
security
safeguards?
Q7
Does
PD
law
allow
the
individual
to
access
and
correct
his
data?
Q8
Does
the
PD
law
require
consent
for
overseas
transfer
of
data?
Q9
Does
the
PD
law
provide
legal
limits
to
retaining
data
(right
to
be
forgotten)?
Q10
Does
the
PD
law
require
the
collecting
organisation
to
provide
clear
data
collection
policies,
and
a
contact
point
for
queries?
Q11
EU
GDPR
participant/adequate?
Q12
APEC
CBPR
participant/similar
accountability
mechanism?
Total
Score
Normalized
Rank
Japan 6 6 6 6 6 6 6 6 6 6 6 6 72 10.0 1
South Korea 6 6 6 6 6 6 6 6 6 6 2 6 68 9.4 2
United States* 5 2 6 6 6 6 6 6 6 6 6 6 67 9.3 3
Australia 6 6 6 6 6 6 6 6 6 6 0 6 66 9.2
=4
Estonia 6 6 6 6 6 6 6 6 6 6 6 0 66 9.2
Germany 6 6 6 6 6 6 6 6 6 6 6 0 66 9.2
Mexico 6 6 6 6 6 6 6 6 6 6 0 6 66 9.2
Singapore 6 6 6 6 6 6 6 6 6 6 0 6 66 9.2
United Kingdom 6 6 6 6 6 6 6 6 6 6 6 0 66 9.2
Brazil 6 6 6 6 6 6 6 6 6 6 0 0 60 8.3
=10
Canada 6 6 6 6 6 6 6 0 6 6 6 0 60 8.3
Hong Kong 6 6 6 6 6 6 6 6 6 6 0 0 60 8.3
Malaysia 6 6 6 6 6 6 6 6 6 6 0 0 60 8.3
New Zealand 6 6 6 6 6 6 6 0 6 6 6 0 60 8.3
Peru 6 6 6 6 6 6 6 6 6 6 0 0 60 8.3
Russia 6 6 6 6 6 6 6 6 6 6 0 0 60 8.3
South Africa 6 6 6 6 6 6 6 6 6 6 0 0 60 8.3
Taiwan 6 6 6 6 6 6 6 0 6 6 0 6 60 8.3
Thailand 6 6 6 6 6 6 6 6 6 6 0 0 60 8.3
UAE* 6 6 6 6 6 6 6 6 6 6 0 0 60 8.3
Brunei 2 6 6 6 6 6 6 6 6 6 0 0 56 7.8
=21
Philippines 6 6 6 6 6 6 6 0 6 6 0 2 56 7.8
India* 4 0 6 6 6 6 6 6 6 6 0 0 52 7.2 23
Indonesia* 4 0 6 0 6 6 6 6 6 6 0 0 46 6.4 24
Chile 6 0 6 6 6 6 6 0 6 0 0 0 42 5.8 25
Vietnam 2 0 2 2 2 2 2 0 2 2 0 0 16 2.2 26
China 2 0 2 2 0 2 2 0 2 2 0 0 14 1.9 27
Laos* 2 0 2 0 0 2 0 0 0 0 0 0 6 0.8 28
Cambodia 2 0 0 0 0 2 0 0 0 0 0 0 4 0.6 29
Myanmar 2 0 0 0 0 0 0 0 0 0 0 0 2 0.3 30
Average score = 8.3
Median = 6
17
* The scores for India and Indonesia are based draft laws which have not been officially passed yet. For the United
States, the EU-US Privacy Shield Framework has been used for the purpose of assessing data privacy. For the UAE, the
Dubai Data Protection Law (DIFC Law No. 1 of 2007) was used. For Laos, no English translation was available for the
Laos Electronic Data Protection Law (EDPL) which was only available officially as a scanned non-machine-readable copy,
and therefore scores are based on data from Data Guidance: https://free.dataguidance.com/laws/laos-electronic-data-
protection-law
7. TRPC Data Protection Index 2020 | Page 7 of 14
Observations
Top scorers have established and/or explicit data protection policies
The scores show that there is a general band of markets who have good to excellent data
protection scores, where they scored 6 or above (the median score). These countries tend
to be countries who have established data protection laws or policies.
The existence of a law or policy which can demonstrably prove that the principles of data
protection are protected in an economy is therefore of paramount importance. All economies
which scored 6 and have an existing data protection law or policy in place.
The exceptions are USA - which has the EU-US Privacy Shield Framework in place, Brunei,
which has a data protection policy, and India and Indonesia, which have draft data protection
policies in place.
Top scorers have strong local data protection laws, and good international
participation
The scores reveal that top scoring economies tended to have strong data protection policies
in place locally, while also participating in international data protection regimes and
mechanisms.
For example, Japan (#1) and South Korea (#2) both have established data protection laws
and enforcement agencies, and are both participating in the APEC CBPR system, as well as
applied to be recognized under the EU's GDPR adequacy requirements. Japan pips South
Korea in this respect, as it received the first adequacy decision by the EU GDPR in Jan 2019,
while South Korea's application has yet to be approved.
Scoring tends to “band”
Most economies studied tended to band around two scores - 9.2/equal 4th rank (6 markets),
or 8.3/equal 10th rank (11 markets). This observation shows that data protection laws have
developed some standard principles which are well-protected amongst most economies.
For example, Australia, Estonia, Germany, Mexico, Singapore, and the United Kingdom all
score equal 4th, and the only differences in their scorings relate to whether or not they are
participating in the EU GDPR or the CBPR mechanisms.
ASEAN economies could use the ASEAN Privacy Principles to establish a baseline
data protection policy or law
Half of ASEAN member states fall in the lower ranks of the DPI 2020, which suggests that
there is still work that needs to be done to improve data protection within the region. There
is a great opportunity for the ASEAN region to work together to improve their policies
together.
This report thus offers an approach unique to ASEAN. Through the DPI 2020, it offers an
approach towards designing a data protection law which is built on the seven principles of
the ASEAN Principles of Data Protection, which may be followed by ASEAN member states
when drafting their data protection laws.
8. TRPC Data Protection Index 2020 | Page 8 of 14
Market Briefs
Australia [9.2/=4th
]
Australia has been one of the leaders in
Asia Pacific data protection laws and
continues to improve consumer data
protection and privacy through
organisations such as the Australian
Competition and Consumer Commission
(ACCC) and the Office of the Australian
Information Commissioner (OAIC).
Brazil [8.3/=10th
]
A data protection market leader in
South America which is leading the way
for its neighbours.
Brunei [7.8/=21st
]
Brunei is notable as it has an
established Data Protection Policy
established in 2014 and enforced by the
E-Government National Centre, under
the Prime Minister’s Office. However, it
remains as a policy, and not a law,
which may be the market’s next step in
strengthening its data protection
regulations.
Cambodia [0.6/29th
]
While citizens' right to privacy are
granted under the Cambodian
constitution, the state has yet to
develop a data protection law.
Canada [8.3/=10th
]
A global leader in privacy laws, Canada
has strived to develop a strong business
environment that allows companies to
trade internationally.
Chile [5.8/25th
]
Chile is unusual in that it has an
established data protection law, but no
central regulator for it. Instead, its laws
are enforced by the courts.
China [1.9/27th
]
No data protection law exists, although
some provisions for its aspects may be
found in its cybersecurity law.
Estonia [9.2/=4th
]
A member of the EU, Estonia’s data
protection laws aligns with the EU
GDPR.
Germany [9.2/=4th
]
A member of the EU, Germany’s data
protection laws aligns with the EU
GDPR. However, Germany is unusual in
that the enforcement of data protection
takes place on a state level, where all
16 of its states work to enforce data
protection.
Hong Kong [8.3/=10th
]
One of the leading Asian states with a
strong data protection law, and an
established data protection agency.
India [7.2/23rd
]
India’s data protection is expected to
improve once its draft Personal Data
Protection Bill 2018 is passed in
Parliament (expected in 2020.)
Indonesia [6.4/24th
]
Indonesia’s data protection is expected
to improve once its draft Data Protection
Law is established (expected date of
approval unknown.)
Japan [10/1st
]
Top-scorer Japan has been a global
leader in establishing strong data
protection laws and partnerships
throughout the world.
Laos [0.8/28th
]
While there is no data protection law,
there are other laws such as the Law on
Resistance and Prevention of
Cybercrime, the Electronic Data
Protection Law, and the Law on
Electronic Transactions, which provide
some form of data protection
safeguards.
Malaysia [8.3/=10th
]
One of the leading ASEAN states with a
strong data protection law, and well-
established data protection agency.
Mexico [9.2/=4th
]
Mexico’s data protection scores are
perfect, save for its participation in the
APEC CBPR, and seeking EU GDPR
adequacy.
9. TRPC Data Protection Index 2020 | Page 9 of 14
Myanmar [0.3/30th
]
Myanmar does not have any data
protection law, although there is a Law
Protecting the Privacy and Security of
Citizens (2017).
New Zealand [8.3/=10th
]
One of the earliest economies to achieve
an EU GDPR adequacy decision, New
Zealand is one of the leader economies
in developing strong data protection
laws in Asia Pacific.
Peru [8.3/=10th
]
Peru’s data protection scores are
perfect, save for its participation in the
APEC CBPR, and seeking EU GDPR
adequacy.
Philippines [7.8/=21st
]
One of the leading ASEAN states with a
strong data protection law, and well-
established data protection agency.
Russia [8.3/=10th
]
The Russian Federal Law on Personal
Data (No. 152-FZ, 27 Jun 2006), is the
backbone of Russian privacy laws,
supported by Roskomnadzor, the federal
authority in charge.
Singapore [9.2/=4th
]
The top-scoring ASEAN state in the DPI
2020, with a strong data protection law,
and well-established data protection
agency.
South Africa [8.3/=10th
]
The leading data protection economy on
the African continent, South Africa boasts
an established data protection act and
regulator.
South Korea [9.4/2nd
]
A pending EU GDPR adequacy
application is the only thing stopping
South Korea from joining Japan as a
top-scoring data protection market.
Taiwan [8.3/=10th
]
A strong Asian market with an
established data protection law.
Thailand [8.3/=10th
]
A leading ASEAN states with a freshly
established data protection law in 2019.
United Arab Emirates [8.3/=10th
]
Due to its establishment as a group of
seven emirates (Abu Dhabi, Dubai,
Ajman, Sharjah, Ras al Khaimah,
Fujairah, and Umm al-Quwain), the UAE
does not have a single data protection
law for its market group. However, if the
Dubai Data Protection Law (DIFC Law
No. 1 of 2007) is any indication, the UAE
has strong principles behind any data
protection law other emirates may draw
up.
United Kingdom [9.2/=4th
]
As it (used to be) a member of the EU,
the UK’s data protection laws align with
the EU GDPR. It remains to be seen if its
strong data protection regime will
continue post-Brexit.
United States [9.2/3rd
]
The USA is an anomaly in the rankings
as it does not have a national law for
protecting data privacy. While we have
used the EU-USA Privacy Shield
Framework as an assessment
benchmark, it would be prudent to note
that this arrangement does not cover all
US citizen data.
Vietnam [2.2/26th
]
No data protection law exists, although
some provisions for its aspects may be
found in its cybersecurity law.
10. TRPC Data Protection Index 2020 | Page 10 of 14
Appendix A: DPI 2020 Assessment Questions (with
grading rubric)
Q1 Does the economy have a personal data protection law?
Yes – 6
No, but in draft form – 4
No, but some principles are established in policies and guidelines or other laws (e.g.
Constitution, Cybersecurity etc) – 2
No - 0
Q2 Does the economy have a privacy enforcement authority (PEA)?
Yes, a national PEA – 6
No, but has sectoral regulator which enforces privacy (amongst other regulatory
requirements) within the industrial sector – 2
No – 0
Q3 [ASEAN Principle 1. Consent, Notification and Purpose] Does the personal
data protection law require that organisations obtain consent from individuals,
and notify them of the purposes of collection, use, and disclosure of their
personal information by the organization?
Yes in the PDP law and universal – 6
Yes in the PDP law, in some cases – 4
No, there is no PDP law, but this principle is protected or evident in other laws/sectoral
regulations – 2
No, there is no PDP law, and there are no protections around this principle – 0
Q4 [ASEAN Principle 1. Consent, Notification and Purpose] Does the personal
data protection law have clear instructions on exemption circumstances by
which consent from individuals for the collection, use, and disclosure of their
personal information, is NOT required? E.g. where collection of personal
information is authorised or required under domestic laws and regulations?
Yes in the PDP law and universal – 6
Yes in the PDP law, in some cases – 4
No, there is no PDP law, but this principle is protected or evident in other laws/sectoral
regulations – 2
No, there is no PDP law, and there are no protections around this principle – 0
Q5 [ASEAN Principle 2. Accuracy of Personal Data] Does the personal data
protection law require organisations to ensure that personal data be accurate
and complete for the extent necessary for the purpose(s) for which the personal
data is to be used or disclosed?
Yes in the PDP law and universal – 6
Yes in the PDP law, in some cases – 4
No, there is no PDP law, but this principle is protected or evident in other laws/sectoral
regulations – 2
No, there is no PDP law, and there are no protections around this principle – 0
Q6 [ASEAN Principle 3. Security Safeguards] Does the personal data protection
law require that personal data be appropriately protected against loss and
unauthorised access, collection, use, disclosure, copying, modification,
destruction or similar risks?
Yes in the PDP law and universal – 6
Yes in the PDP law, in some cases – 4
No, there is no PDP law, but this principle is protected or evident in other laws/sectoral
regulations – 2
No, there is no PDP law, and there are no protections around this principle – 0
Q7 [ASEAN Principle 4. Access and Correction] Does the personal data protection
law require organisations to, upon request from individuals, provide the
individual access to his/her personal data which is in the possession or under
the control of the organisation within a reasonable period of time, and correct an
error or omission in his personal data, unless domestic laws and regulations
require or authorise the organisation not to provide access or correct the
personal data in the particular circumstances?
Yes in the PDP law and universal – 6
Yes in the PDP law, in some cases – 4
No, there is no PDP law, but this principle is protected or evident in other laws/sectoral
regulations – 2
No, there is no PDP law, and there are no protections around this principle – 0
11. TRPC Data Protection Index 2020 | Page 11 of 14
Q8 [ASEAN Principle 5. Transfers to Another Country or Territory] Does the law
require that, before transferring personal data to another country or territory,
the organisation should obtain the consent of the individual for the overseas
transfer?
Yes in the PDP law and universal – 6
Yes in the PDP law, in some cases – 4
No, there is no PDP law, but this principle is protected or evident in other laws/sectoral
regulations – 2
No, there is no PDP law, and there are no protections around this principle – 0
Q9 [ASEAN Principle 6. Retention] Does the personal data protection law require
that an organisation cease to retain documents containing personal data, or
remove the means by which the personal data can be associated with particular
individuals as soon as it is reasonable to assume that the retention is no longer
necessary for legal or business purposes, or after a certain period of time (e.g. 5
yrs)?
Yes in the PDP law and universal – 6
Yes in the PDP law, in some cases – 4
No, there is no PDP law, but this principle is protected or evident in other laws/sectoral
regulations – 2
No, there is no PDP law, and there are no protections around this principle – 0
Q10 [ASEAN Principle 7. Accountability] Does the personal data protection law
require an organisation to, on request, provide clear and easily accessible
information, such as how to contact the organisation, about its data protection
policies and practices with respect to personal data in its possession or under its
control?
Yes in the PDP law and universal – 6
Yes in the PDP law, in some cases – 4
No, there is no PDP law, but this principle is protected or evident in other laws/sectoral
regulations – 2
No, there is no PDP law, and there are no protections around this principle – 0
Q11 Is the economy a participant of the EU’s GDPR regime, or meets GDPR
adequacy requirements?
Yes – 6
No, but has adequacy agreement – 4
No, but is in talks for adequacy decision – 2
No - 0
Q12 Is the economy a participant of the APEC CBPR or similar regional system
(promoting an accountability rather than an adequacy system?
Yes – 6
No, but has applied – 2
No - 0
12. TRPC Data Protection Index 2020 | Page 12 of 14
Appendix B: Data Protection Assessments and
Indexes
DLA Piper runs a data protection laws of the world database,18
tracking each country
against evidence of good data protection governance. It tracks aspects of strong data
protection regulations, such as presence of a data protection law, how it is defined, its
authorities, how the country manages registration and data protection officers, how the
country has implemented rules around the collection and processing of data, transfer of
data, data security, breach notification, enforcement mechanisms, rules around electronic
marketing, and protections for online privacy.
Forrester has a Global Heat Map of Privacy and Data Protection,19
which bands
countries according to specific parameters, such as: privacy and data protection by country,
scope of protection, covered entities, data transfers to other countries, EU adequacy, data
protection established, government surveillance, privacy rights established in constitution.
France's Commission Nationale de l'Informatique et des Libertés (CNIL) has
published a heatmap on data protection around the world,20
showing where countries
are an EU member country, and where other non-EU states are (1) adequate to the GDPR,
(2) partially adequate, (3) where there are presence of a data protection authority and
law(s), (4) where there are data protection law(s), and (5) where there is no specific data
protection law. The CNIL's methodology therefore places countries in specific bands, with
the strongest countries being EU member economies, and/or countries which are deemed
GDPR adequate countries.
BestVPN also has a Privacy Index21
which scores countries on how strong they are in
protecting consumer privacy. It uses a composite score of seven factors to derive its
scoresheet: (1) press freedom, (2) existence of data privacy laws, (3) democracy index, (4)
freedom of opinion and expression is effectively guaranteed, (5) freedom from arbitrary
interference with privacy is effectively guaranteed, (6) the government does not expropriate
without lawful process and adequate compensation, and (7) cybercrime legislation
worldwide.
Comparitech has a similar Surveillance States Index,22
which ranked 47 countries by
privacy laws and government surveillance indicators, including: constitutional and statutory
protection, enforcement, identity cards and biometrics, data sharing, video surveillance,
communication interception, workplace monitoring, government access to data,
communications data retention, surveillance of movement for finance and medical data,
border issues, leadership, and democratic safeguards.
18
https://www.dlapiperdataprotection.com/
19
https://heatmap.forrestertools.com/
20
https://www.cnil.fr/en/data-protection-around-the-world
21
https://bestvpn.org/privacy-index/
22
https://www.comparitech.com/blog/vpn-privacy/surveillance-states/
13. TRPC Data Protection Index 2020 | Page 13 of 14
Appendix C: International/Regional Data Protection
Frameworks and Mechanisms
European Union’s (EU) General Data Protection Regulation (GDPR) 2018
The EU GDPR23
came into effect on 25 May 2018, and was established as a legally-
enforceable legislation in all 28 EU economies: Austria, Belgium, Bulgaria, Croatia, Cyprus,
Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia,
Slovenia, Spain, Sweden, United Kingdom.24
The GDPR centres around the individual’s rights,25
which include:
1. Right to know about when personal information is collected – to have transparency on
information about the processing of their personal data;
2. Right of access – to obtain access to the personal data held about them;
3. Right to rectification – to ask for incorrect, inaccurate or incomplete personal data to
be corrected;
4. Right to erasure/be forgotten - request that personal data be erased when it is no
longer needed or if processing it is unlawful;
5. to object to the processing of their personal data for marketing purposes or on grounds
relating to their particular situation;
6. Right to data portability – to receive their personal data in a machine-readable format
and send it to another controller;
7. Right to object and automated individual decision-making – to request the restriction
of the processing of their personal data in specific cases; and/or to request that
decisions based on automated processing concerning them or significantly affecting
them and based on their personal data are made by natural persons, not only by
computers. They also have the right in this case to express their point of view and to
contest the decision.
The GDPR is an adequacy-based regime, and non-EU countries may apply for the European
Commission (EC) to determine if it offers an adequate level of data protection. A successful
adequacy decision means that personal data can be transmitted to that country from the
EU (and Norway, Liechtenstein and Iceland) without further safeguards.
To date, the EC has recognized the following markets as providing adequate protection:
Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel,
Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay, the United States of
America (limited to the Privacy Shield framework), with South Korea having an ongoing
application.
APEC Cross-Border Privacy Rules (CBPR) System
Another data protection framework which has developed is the APEC CBPR System,26
which was built on the APEC Privacy Framework 2005, updated in 2015, which in turn was
derived from the Organisation for Economic Co-operation and Development (OECD) eight
Privacy Principles, developed in 1980 and updated in 2013.27
The APEC CBPR system was endorsed by APEC leaders in 2011, and involves nine
Information Privacy Principles to prevent abuse and misuse of information: (1) preventing
harm, (2) notice, (3) collection limitation, (4) uses of personal information, (5) choice, (6)
integrity of personal information, (7) security safeguards, (8) access and correction, and
(9) accountability.
However, unlike the EU GDPR where compliance is mandatory and applies to all EU
economies, the APEC CBPR is a voluntary, accountability-based system designed for the
private sector to gain a trusted accreditation proving that their business practices adhered
to specific privacy rules.
23
https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1528874672298&uri=CELEX%3A32016R0679
24
The United Kingdom has officially left the EU as of 12 April 2019; negotiations are ongoing regarding the technical
aspects of its withdrawal.
25
https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights/what-are-my-rights_en
26
http://cbprs.org/about-cbprs/
27
https://www.apec.org/About-Us/About-APEC/Fact-Sheets/What-is-the-Cross-Border-Privacy-Rules-System
14. About the TRPC Data Protection Index 2020 (DPI 2020)
The inaugural DPI 2020 is the first index to establish an objective, data
protection assessment mechanism based on the seven Principles of
Personal Data Protection in the ASEAN Framework on Personal Data
Protection 2016. It scores 30 markets across 12 questions that assess an
economy's data protection laws and regulatory environment. To enable
policymakers to conduct comparisons on a national and international
level, this first iteration of the DPI includes all economies represented in
ASEAN (10 member states), APEC (21 member economies), and the G20
(20 member economies).
About TRPC Pte Ltd
TRPC is a boutique consulting and research firm with over 25 years’ experience in the
telecommunications and ICT industries in the Asia-Pacific. We offer specialised advisory,
research, and training services, with a focus on regulatory and strategic business issues,
and possess an extensive network of industry experts and professionals throughout the
region.
Our research focuses on the economic impact of the emergence of new business models
and the developments in telecommunications and information technologies, as well as
their associated policy and regulatory issues. Our expertise encompasses both the more
developed ICT countries (e.g. South Korea, Japan, and Hong Kong) and those with
fast-growing and emerging ICT industries (e.g. Indonesia, Philippines, and Vietnam).
We provide an intersection between academia, businesses, and relevant policy makers
for the technology, telecommunications, and the ICT industries broadly defined,
including the impact upon, and opportunities generated by, the use of new digital
technologies in non-tech industries. Our recent work covers a range of up-and-coming
areas such as blockchain and cryptocurrencies, digital identities, cloud computing and
healthcare, cross-border data flows, and data analytics and credit ratings systems,
among others.
TRPC has offices in Hong Kong, Melbourne, and Singapore with on-the-ground presence
or associates throughout the Asia-Pacific region. Visit us online at https://trpc.biz or
contact us at info@trpc.biz.