100 likes | 240 Views
LegalTech Asia DATA PRIVACY LAWS UPDATE. Edward Chatterton 4 March 2013. Agenda and Introduction. International data protection landscape – trends Asia Pacific Data Privacy Heat Map and recent developments Why it is relevant to Law firms and their IT Departments
E N D
LegalTech AsiaDATA PRIVACY LAWS UPDATE Edward Chatterton 4 March 2013
Agenda and Introduction • International data protection landscape – trends • Asia Pacific Data Privacy Heat Map and recent developments • Why it is relevant to Law firms and their IT Departments • Compliance Building Blocks • DLA Piper - Data Privacy Laws of the World Data Protection Master Class
The growth of global privacy laws No. of countries with privacy laws Time Period
Asia Pacific Heat Map Recent Highlights Heat Map • Hong Kong – new amendment ordinance passed in June, to come into force in phases starting from 1 October, major provisions coming into force on 1 April 2013 • Philippines – 1st DP law recently passed influenced EU Directive the Asia Pacific Economic Cooperation Information Privacy Framework. • South Korea – new (and draconian) law came into force in September 2011 • Malaysia – 1st DP law passed in April 2010, still awaiting to come into force • Singapore – 1st DP law now passed. Bill published • Vietnam – consumer protection law (which protects consumer data) took effect July 2011 • Taiwan – new DP act to come into force 1 Oct 2012 (in parts) Insert filename here
Why it matters to Law firms and their IT departments? Law Firms often/always … • Collect customer, employee, supplier, agents… information and store these in centralised marketing databases • Transfer personal data across international borders • Hire employees • Use or process personal data • Transfer personal data to others • Outsource HR and payroll functions to others either within or ourside their corporate group • Provide Consolidated IT services to service multinational practices across separate country based partnerships • Outsource data management functions to others (e.g. cloud)? • Do direct marketing
… at your own risk • Increasing regulation • Criminal prosecution • Imprisonment • Fines • Reputational damage • Civil actions • Regulatory investigation • Enforcement actions
What compliance might look like…… Governance and accountability Executive buy-in Training and awareness Data transfer agreement Global data protection policy Policies and procedures Statement of requirements Verification and audit DPA notifications country variations country variations country variations • HR • Client data • Direct marketing • Records management • Electronic usage • Security • Social media • Vendors • Cookie • CCTV • Local law compliance on top of this • Sets structure for other components • Generic code of conduct • Statement of good practice Data Protection Master Class
We already know what the law says…. Data Protection Master Class