Learn more about our comprehensive legal services.
Advising our clients on different opportunities and challenges of the industry.
Developing a unique culture, which blends traditional client care with modern technology and working practices since 1851.
Stay up to date on the latest news and legal insights.
News & Insights
Authored by: So Yin Hui and Jocelyn Chan
Data breach incidents have dominated recent headlines. While these incidents are unfortunate for the parties involved, they provide us with valuable lessons about the proper approach to processing personal data and cybersecurity.
In this article, we highlight some of the key lessons to be learnt.
1. It is now commonplace for organisations to have in place policies on data handling and information security which reflect requirements under data privacy laws. Whilst this is a good first step, care must be taken to ensure:
2. Organisations should also proactively conduct regular security audits to monitor potential threats and developments. What amounts to “regular” would depend on the scale of information systems and amount of personal data processed. For large organisations, it may be necessary to conduct risk assessments and security audits at least once a year. In addition, prior to deploying a new system or upgrade, a pre-implementation risk assessment or independent security audit should be conducted.
3. For organisations that operate large-scale information systems and retain significant amounts of personal data, it is not enough to rely on a single anti-malware software program to detect suspicious activities, which can easily be disabled by hackers. Rather, a “defence-in-depth” cybersecurity strategy that uses multiple security measures to safeguard an organisation’s systems should be deployed.
These are just a few of the many lessons learnt from recent data breach incidents. To ensure compliance with applicable data privacy laws, in particular regarding the retention of personal data and data security, we recommend clients to take this opportunity to review their privacy policies and security measures to check for any gaps and room for improvement.
Subscribe to Publications
Sign up for our regular updates covering the latest legal developments, regulations and case law.
Media Contact
For media enquiries please contact us at media.relations@deacons.com.
Tel: +852 2825 9211