We first published the following White Paper extract in October 2011. While the White Paper might be somewhat dated (and therefore will be refreshed shortly), it remains relevant for our friends interested in learning the basics of Asia Pacific cyber/privacy law. Please let me know if you’d like to see the entire paper. Rick
The Internet facilitates the widespread and instantaneous flow of information across international borders. While the advent of this method of transnational communication has truly created a “global economy,” at the same time, it has engendered problems for companies and their insurers which seek to assess risk and implement information safeguards, particularly in the face of divergent data privacy laws which vary from region to region or may not even exist in certain jurisdictions. The Asia-Pacific region typifies such a lack of uniformity.
At the same time, the emerging economies in this rapidly growing part of the world have generated promising targets for computer hackers. 75% of Asia-Pacific enterprises have experienced cyber attacks in the past 12 months. Perhaps not surprisingly, a 2010 study by Symantec reported that almost half of all Asia-Pacific-based businesses (and 67% in Singapore) ranked cyber risk and information security as their top concern—more so than natural disasters, terrorism, and traditional crime combined. Cyber attacks and data breaches are on the radar of CEOs and risk managers for good reason: the average cost for a large company to remediate a data breach in Australia increased to nearly $2 million in 2010, which is slightly up from 2009. See Ponemon Institute/Symantec 2010 Annual Study: Australian Cost of a Data Breach (May 2011).
Notwithstanding the prevalence of such attacks, it is far more likely that a cyber security program is managed as a part of a company’s traditional business risks, with traditional coverages being contorted to cover various components of cyber risk (i.e. property loss, liability to third-parties, business interruption, etc.), rather than by way of a dedicated cyber-specific insurance program. Still, in light of recent developments, it is virtually certain that companies soon will begin looking to transfer such risk via more efficient and targeted technology insurance forms and policies
In order to simplify the situation, the Asia Pacific Privacy Authorities (APPA), the principal forum for privacy in the Asia-Pacific region, has expressed a desire to unify local privacy laws. APPA convenes twice a year and discusses permanent agenda items such as privacy and security, cross-jurisdictional law enforcement in the Pacific Rim, privacy legislation amendments, cryptography, and personal data privacy. Local delegations include members from Australia, New Zealand, Hong Kong, and Korea, among others. Notwithstanding, until a consistent approach to privacy law is adopted, conflicts in laws and governing regimes will combine to frustrate both policyholders and their insurers in light of the confusion created by the current divergence in governing approaches. We discuss herein the laws and information privacy regulations of three specific Asia-Pacific jurisdictions: Australia, Hong Kong, and Singapore, which exemplify the inconsistency of Asian-Pacific privacy laws.
One Response to “Asia-Pacific Cyber Law Risks and Developments”
Leave a Reply
You must be logged in to post a comment.