Ongoing digital transformation
will create increased privacy and
security threats
1
Key Drivers
Growth of the 5G World Pervasive use of new technologies Post Covid19 recovery
Privacy and Security Threats
- new privacy-intrusive technologies and their use
Privacy legislation playing
catch up with
new technology
Privacy issues as a result
of monetization of
PII / Sensitive data
Non-savviness of
users leading to
scams / hacking
Recommendations
• Data protection office to focus on business objectives vs compliance
objectives in post-covid period
• Data Governance is key - increasing value of data besides decreasing the
risks to personal data
• Conduct DPIA - data protection impact assessments to address privacy /
security risks
• Conduct third-party due diligence for new projects as well as having
contracts which spell out data protection requirements
• Increase awareness of privacy risks and data protection requirements
through regular training, reminders and competency assessments.
Continued increase in privacy
breaches and enforcements
(beyond data security)
2
GDPR Enforcement Cases in EU
– 1374 Enforcements since 2018 (Tracked)
Articles CY18 CY19 CY20 CY21 CY22
ART 5 (GDPR principles) 13 71 198 223 288
ART 13 (Transparency / Notification) 4 18 34 90 114
ART 6 (Lawfulness of Processing) 8 62 130 113 108
ART 32 (Security of Processing) 8 41 83 103 93
ART 12 (Info to be provided - direct source) 1 9 23 37 65
ART 9 (Sensitive data) 6 10 26 34
Besides info security, complying with other privacy rules
(e.g. transparency, lawfulness of processing, sensitive data)
is also key.
FINES (>5m EUR)
Meta Platforms, Inc. $405,000,000
Meta Platforms Ireland $282,000,000
Clearview AI Inc. $69,000,000
Google LLC $10,000,000
REWE International AG $8,000,000
Cosmote Mobile Telecommunications S.A. $6,000,000
Interserve Group Limited $5,033,000
Total $785,033,000
Key enforcements on tech
giants continue with major
enforcements on AI software
companies (all involving social
networks)
GDPR Enforcements Cases in EU
PDPC Enforcement Cases in Singapore
[Chart: Total No. of Organisations involved in PDPC Enforcement Cases; data labels: S$98.5k, S$99k, S$141k, S$1.64m, S$425.5k, S$309k, S$467k; annotation: COVID-19]
Total amount of fines imposed (including average fines) increased in 2022
No Industry is spared
from enforcement
(including non profit
organisations)
PDPC Enforcement Cases in Singapore
Majority of
enforcements were
breach of the Protection
obligation. Others
include Accountability
(policies) and Transfer
Limitation obligation
PDPC Enforcement Cases in Singapore
Recommendations
• Continued management attention to support an integrated data
strategy for digitalization.
• Urgent need to review SOPs to comply with all PDPA obligations,
besides data security.
• With penalties for data breaches increasing (up to SGD 1 million or 10% of
a company’s annual turnover as of 1 October 2022)
• Identify common risks to personal data as threats are evolving at
an alarming rate with new technologies and projects.
More regulatory actions
expected against
improper/unfair use of social
media, surveillance
and children’s data
3
Tracked Cases | CY2018 | CY2019 | CY2020 | CY2021 | CY2022 | Grand Total
CCTV/Surveillance | 4 | 18 | 32 | 61 | 105 | 220
Social Media | | 5 | 7 | 14 | 16 | 42
Children / Schools | | 4 | 13 | 20 | 8 | 45
Others… | | | | | |
Total Cases EU | 29 | 162 | 315 | 422 | 446 | 1374
GDPR Enforcement Trends
(Tracked cases)
Increasing trends
of cases involving
surveillance
Cases and huge
penalties involving
social media
Regulatory attention
on processing
children’s data
Instagram fined €405m by Irish Regulators (Sep 2022)
TikTok is facing a potential $29M fine from
U.K.'s ICO (Sep 2022)
FTC Announces $520 Million in Penalties for
Fortnite Game Maker (Dec 2022)
…reports that two of the four social
media and tech firms under
investigation are household names.
Breach of Children’s Privacy Rules…
The Warning
Signs…
Countries with Privacy Rules relating to Children
Children data
classified as
sensitive / Parental
Consent needed
Global
Regional
GDPR (ART 8)
Children’s
Online Privacy
Protection Act
Consumer
Privacy
Protection Act
Profiling and
Tracking…
What Happens Behind the Scenes
Another lawsuit is taking on
Apple’s data collection practices
in the wake of a recent report by
independent researchers who
found Apple was continuing to
track consumers in its mobile
apps, even when they had
explicitly configured their iPhone
privacy settings to turn tracking
off.
The proposed class action
lawsuit, filed by plaintiff Elliot
Libman on behalf of himself and
other impacted consumers,
alleges that Apple’s privacy
assurances are in violation of the
California Invasion of Privacy Act.
Google’s plan to phase out third-party cookies and replace them with a
bundle of new standards referred to as the “Privacy Sandbox” just
overcame a key regulatory hurdle. The UK’s competition regulator, the
Competition and Markets Authority (CMA), has formally accepted Google’s
commitments about how it’ll develop the new standards so they don’t harm
competition or unfairly benefit the search giant’s own advertising business,
the regulator announced today.
“We present our concerns with Privacy
Sandbox not only as a browser maker, but as
individuals worried that Privacy Sandbox
threatens what makes the Web special and
unique: that users can modify their Web
experience to best suit their needs and wants,
and that features in the Web are designed
first and foremost to benefit users.”
Recommendations
• Identify if online services/software offerings/apps include
processing of children’s data (and the relevant restrictions)
• Review SOPs and practices relating to use of social networks and
any in-house mobile apps (for excessive processing and tracking)
• Adopt Data protection by Design & by Default to ensure there are
sufficient protections in place especially for children’s data
• Recommended course: Mobile Apps - Privacy by Design and Design
Thinking
• Conduct relevant due diligence/DPIA of outsourced of mobile and
to third-party developers
Transition from data
protection to data governance
as demand for data protection
related expertise grows
4
Data Protection Laws in the Region
Countries with Comprehensive Laws
covering the public sector
Thailand
PDPA
(2022)
Indonesia
PDPL
(end 2022*)
Singapore
PDPA
(2012)
Amendments
2021 Feb
Malaysia
PDPA
(2010)
Upcoming
amendments
Philippines
DPA
(2012)
India
DPDP Bill
(2023)
China
PIPL
(2021)
General Data Protection
Regulation (GDPR) in EU
Requirements for DPO
Before
GDPR
After
GDPR
Vietnam
PDP Draft
(2023/24)
Brunei
PDP
(2023/24)
American Data
Protection and
Privacy Act
(2023/24)
More data protection laws
being introduced…
+125%
From 2021 to 2022, no. of positions increased by record 125%
Growth in Data Protection Jobs – 1 month job postings
Impact of first
PDPC
enforcements
Intensified
PDPC
enforcements
(Singhealth)
Momentum for demand for Data Protection expertise continues
59% CAGR over 6 years
Covid19 Pandemic
From 2021 to 2022, no. of positions increased by 125%
There is also a significant increase of Data Governance
Specific Roles by 272% in 2022.
+259%
No. of Jobs
Growth in Data Protection Jobs – 1 month job postings
Trend of Jobs in Sole DPO / DP Office
vs Jobs with DP Requirements
Record growth driven by job
roles with data protection
requirements
Growth in “DATA GOVERNANCE”
Mentioned in “Data Protection Related Jobs”
No. of Jobs
+608%
Recommendations
• Propose starting a data governance team within your organisation
(if applicable).
• Shortage of data protection expertise means increased job
opportunities and better career progression for individuals trained
in Data Protection and Data Governance.
• Consider advanced diplomas in data protection / governance from SMU
• Be familiar with the General Data Protection Regulation (GDPR)
and new regional laws.
• Get certified with the International Association of Privacy Professionals
• Get involved with Data Protection and Data Governance
practitioners’ communities
• Join our DPEX network community and social media groups
Increased Focus on AI
Governance and ethics as EU
passes new AI Governance Law
5
How Hackers Use AI and Machine Learning
Using Deep
Fakes
Social
Engineering
Faster Password
Guessing
More Sophisticated
Phishing Emails
A high-profile tax fraud scheme has raised more concerns about China’s lax data
security practices, especially as it relates to the country’s widespread use of facial
recognition. In the scheme, a pair of fraudsters used facial images purchased on the
black market to create synthetic identities and set up a shell company that issued fake
tax invoices worth as much as 500 million yuan (approximately $76.2 million USD).
18 Oct 2021
An unprecedented cybercriminal incident was
detected in the United Arab Emirates (UAE),
where the manager of a bank was deceived by
hackers who used a complex technique to
bypass security systems and steal a millionaire
figure. According to the report, the threat actors
employed an artificial intelligence tool to clone
the voice of a business owner, whose accounts
were at the attacked bank, allowing them to trick
the manager into authorizing $35 million USD of
bank transfers.
By Catherine Stupp
Updated Aug. 30, 2019 12:52 pm ET
Previous incidents involving AI / Deep Fakes
Binance Chief Communications Officer Patrick
Hillmann wrote in a blog post last week that internet
scammers had been using deepfake technology to copy
his image during video meetings. He started to catch
on to this trend when he received messages from the
leadership of various crypto projects thanking him for
meetings he never attended.
2022 Incident involving AI / Deep Fakes
Simon Cowell “Singing” on AGT
Governing the Use of AI
AI Ethical Principles
• Respect for human values
• Professional responsibility
• Fairness and non-discrimination
• Privacy, accountability
• Transparency and explainability
• Human control of technology
Common Ethical Principles
• Respect for persons
• Beneficence
• Nonmaleficence
• Justice
Global National AI
Initiatives – Timelines
National
AI Strategy (Sep
2021)
EU AI Act
(*2023)
Digital Charter
Implementation Act
(Nov 2022)
AI Bill of
Rights
(Oct 2022)
AI Ethical
Guidelines
(2021)
Legal
Framework
for AI (2021)
Global AI Initiatives by Governments
First AI Law in EU
and its global
implications
Recommendations
• For organisations to reap the benefits of AI and Machine Learning
technology - learn to use AI and Machine learning ethically while
giving due regard to legal and privacy considerations
• Refer to IMDA’s Model AI Governance Framework
• For individuals to increase their value to the organisation - utilise
opportunities created by the advent of AI and Machine Learning by
taking on Data Governance competencies.
• Recommended course: Data Ethics and AI Governance Frameworks with
SMU
Summary: 5 Data Protection Trends
1) Ongoing digital transformation will create increased privacy and security
threats
2) Continued increase in privacy breaches and enforcements beyond data
security
3) Transition from data protection to data governance as demand for data
protection related expertise grows
4) More regulatory actions expected against improper/unfair use of social
media, surveillance and children’s data
5) Increased Focus on AI Governance and ethics as EU passes new AI
Governance Law
Straits
Interactive
We Journey with You
Look for Straits Interactive and click “LIKE”
JOIN our chat
groups (tips,
guidance,
updates, job
opportunities)
Indicate in
interest form
www.dpexnetwork.org
We run the region’s largest
Data Protection Excellence
Network (dpexnetwork.org)
(join as a Free member)
Free Webinars
• CXO Roundtable
• DPO Roundtable
• DPOinBOX Academy
(CPE points applicable)
Resources
• 5 minutes videos (enforcements)
• Real-time news on Data Protection
Data
Protection
Principles –
SG, HK, India
Data
Protection
Principles –
PH, MY
Data
Protection
Principles –
Indonesia,
Thailand, Rest
of the World
Data
Protection
Principles –
Taiwan, China
GDPR &
Application
on Asia
Data
Protection
Framework
and
Standards
Advanced Certificate in
Data Protection Operational Excellence
Advanced Certificate in Data Protection Principles
A Practical
Approach
to Data Protection
for DPOs
1
Information &
Cyber Security
for Managers
2
Data Protection
Management
Programme
(DPMP)
4
Advanced
Data Protection
Techniques:
Data Protection
by Design,
DPIA & DPTM
3
Data Protection
Trends & the
Roles of the DPO
5
Data Protection Route
Mobile
Applications -
Privacy by
Design and
Design
Thinking
Concepts and
Principles of
Records
Management
in Today’s
Digital
Environment
Implementing
a Compliance
Management
System
ISO37301
Implementing
the Privacy
Information
Management
Standard
ISO27701
Data
Protection
Risks and
Audit
Management
Digital Data
Governance
Frameworks
and Standards
Crisis
Communications
and Data Breach
Response
for DPOs
Adv Cert in Governance, Risk Mgmt, Data Compliance
Adv Cert in Data Governance Systems (Launched 2022)
Data Governance Route
GRCP
–
GRC
Certifications
Managing
Performance,
Stakeholders,
Team Strengths
for Data
Governance
Data Ethics and
AI Governance
Frameworks
Policy and
Third Party
Management
of Data
Governance,
Risk,
Compliance:
A Hands-on
Approach
Business
Continuity
Management
for Managers
Privacy
DGO
GRC and Data Governance Professionals
Awarded by Open Compliance Ethics Group (OCEG)
Governance Professional Certification Route
Validates that you understand and can apply
GRC in your organization. It ensures that you
have the versatile skill set to integrate and
advise on governance, strategy, performance,
risk, compliance, ethics, internal control,
security, privacy, and audit activities.
A holistic approach to governance, risk,
and compliance, with a specific focus on
the data privacy/protection domain.
Perfect for anyone who works directly or
indirectly in any aspect of data privacy,
protection, or governance.
IDPP helps to integrate what you do with
the other departments and disciplines,
including mainline business operations.
Integrated Data Privacy Capability Model
• The Integrated Data Privacy
Capability Model includes
standards for management
actions and controls upon
which an organization may
build an integrated approach to
data privacy that addresses
compliance and risk concerns
• Sign up as an OCEG member at
OCEG.org
• Download the beta version of
IDPM
• Get the All Access Pass (US$399)
• Prepare for the IDPP exam
• Take the hybrid course with Straits
Interactive (recommended,
optional) to get the detailed
training and hands-on experience
• Pass the exam and maintain the
certification!
How to get Certified…
Hands-on Training to Become an IDPP
Existing OCEG members with
the All Access Pass (AAP):
Special Promotional Price*
US$600 (RRP US$999)
New to IDPP (includes All Access Pass)
Special Promotional Price*
- With a Coupon Code
US$999 (RRP US$1,299)
Start date: 14 Mar 2023
What is included:
• All Access Pass US$399
• Access to IDPM eLearning portal
• Enforcement video clips
• 3 weekly “live” training sessions
over 3 weeks (1 hr each)
• Hands-on training with data
privacy management software
• Capstone project with instructor
feedback
“The course has a definitive guide for Data Protection Officers who are looking towards being
operationally ready. What I learned the most would be the specific steps in preparing a robust
data protection management programme.”
“Relevant to my consulting practice going forward [the Model] provides a more detailed
framework to advise clients on how to set up their privacy management plan.”
“The ‘learn and align’ [component structure] provides a good way to frame the settings for our
consulting with the management to align with their business objectives and enrol support.”
“The training provides in detail the steps required to set up a data privacy programme (right
from the start).”
“The training is very useful, how we combine data privacy knowledge and GRC perspective.”
“Found it useful to have understood the privacy framework in the larger context of GRC.”
Testimonials
Corporate staff
Awarded by DPEX Network
Elearning for Corporates and Individuals
Certified Data Protection Practitioner
Certified Data Governance Practitioner
This certification programme is designed for DPOs, DGOs,
Compliance officers and professionals who are looking to get
recognition as a preferred and certified practitioner in data
governance management.
This programme aims to provide participants with the
knowledge and tools to implement data governance systems or
Data Protection in the organisation. It is also an opportunity for
participants to gain hands-on experience through project work.
Corporate eLearning for staff
● Flexible Staff Training
● Trackable by the Organisation
This interactive e-learning module traverses the Information
Life Cycle and the data protection obligations and principles most
applicable at each stage. Includes:
• Case studies of actual enforcement
• Importance of policies and the actions to mitigate risks
• Accountability tools to protect personal data in Organisation
Individuals
Keeping your staff
abreast of data
protection obligations
and operational risks,
from existing staff to
new staff is a
challenge.
Every person in an organisation plays a part in data protection. The
simplest of mistakes could well lead to a data breach.
SPEED
Interested in using e-Learning to enhance your staff training?
Contact us at sales@straitsinteractive.com

Data Protection Predictions for 2023.pdf

  • 1. 1
  • 2. Ongoing digital transformation will create increased privacy and security threats 1
  • 3. Key Drivers Growth of the 5G World Pervasive use of new technologies Post Covid19 recovery
  • 4. Privacy and Security Threats - new privacy-intrusive technologies and their use Privacy legislation playing catch up with new technology Privacy issues as a result of monetization of PII / Sensitive data Non-savviness of users leading to scams / hacking
  • 5. Recommendations • Data protection office to focus on business objectives vs compliance objectives in post-covid period • Data Governance is key - increasing value of data besides decreasing the risks to personal data • Conduct DPIA - data protection impact assessments to address privacy / security risks • Conduct third-party due diligence for new projects as well as having contracts which spells out data protection requirements • Increase awareness of privacy risks and data protection requirements thru regular training, reminders and competency assessments.
  • 6. Continued increase in privacy breaches and enforcements (beyond data security) 2
  • 7. GDPR Enforcement Cases in EU – 1374 Enforcements since 2018 (Tracked) 7 29 Articles CY18 CY19 CY20 CY21 CY22 ART 5 (GDPR principles) 13 71 198 223 288 ART 13 (Transparency / Notification) 4 18 34 90 114 ART 6 (Lawfulness of Processing) 8 62 130 113 108 ART 32 (Security of Processing) 8 41 83 103 93 ART 12 (Info to be provided - direct source) 1 9 23 37 65 ART 9 (Sensitive data) 6 10 26 34 Besides info security, complying with other privacy rules (e.g transparency, lawfulness of processings, sensitive data) are also key.
  • 8. 8 FINES (>5m EUR) Meta Platforms, Inc. $405,000,000 Meta Platforms Ireland $282,000,000 Clearview Al Inc. $69,000,000 Google LLC $10,000,000 REWE International AG $8,000,000 Cosmote Mobile Telecommunications S.A. $6,000,000 Interserve Group Limited $5,033,000 Total $785,033,000 Key enforcements on tech giants continue with major enforcements on AI software companies (all involving social networks) GDPR Enforcements Cases in EU
  • 9. PDPC Enforcement Cases in Singapore S$98.5k S$99k S$141k S$1.64m S$425.5k S$309k COVID-19 Total No. of Organisations involved in PDPC Enforcement Cases S$467k Total amount of fines imposed (including average fines) increased in 2022
  • 10. No Industry is spared from enforcement (including non profit organisations) PDPC Enforcement Cases in Singapore
  • 11. Majority of enforcements were breach of the Protection obligation. Others include Accountability (policies) and Transfer Limitation obligation PDPC Enforcement Cases in Singapore
  • 12. Recommendations • Continued management attention to support an integrated data strategy for digitalization. • Urgent need to review SOPs to comply with all PDPA obligations, besides data security. • With penalties for data breaches increasing (up to SGD 1 million or 10% of a company’s annual turnover as of 1 October 2022) • Identify common risks to personal data as threats are evolving at an alarming rate with new technologies and projects.
  • 13. More regulatory actions expected against improper/unfair use of social media, surveillance and children’s data 3
  • 14. Tracked Cases CY2018 CY2019 CY2020 CY2021 CY2022 Grand Total CCTV/Surveillance 4 18 32 61 105 220 Social Media 5 7 14 16 42 Children / Schools 4 13 20 8 45 Others… Total Cases EU 29 162 315 422 446 1374 GDPR Enforcement Trends (Tracked cases) Increasing trends of cases involving surveillance Cases and huge penalties involving social media Regulatory attention on processing children’s data
  • 15. Instagram fined €405m by Irish Regulators (Sep 2022) TikTok is facing a potential $29M fine from U.K.'s ICO (Sep 2022) FTC Announces $520 Million in Penalties for Fortnite Game Maker (Dec 2022) …reports that two of the four social media and tech firms under investigation are household names. Breach of Children’s Privacy Rules…
  • 17. Countries with Privacy Rules relating to Children Children data classified as sensitive / Parental Consent needed Global Regional GDPR (ART 8) Children’s Online Privacy Protection Act Consumer Privacy Protection Act
  • 19. What Happens Behind the Scenes
  • 20. Another lawsuit is taking on Apple’s data collection practices in the wake of a recent report by independent researchers who found Apple was continuing to track consumers in its mobile apps, even when they had explicitly configured their iPhone privacy settings to turn tracking off. The proposed class action lawsuit, filed by plaintiff Elliot Libman on behalf of himself and other impacted consumers, alleges that Apple’s privacy assurances are in violation of the California Invasion of Privacy Act.
  • 21. Google’s plan to phase out third-party cookies and replace them with a bundle of new standards referred to as the “Privacy Sandbox” just overcame a key regulatory hurdle. The UK’s competition regulator, the Competition and Markets Authority (CMA), has formally accepted Google’s commitments about how it’ll develop the new standards so they don’t harm competition or unfairly benefit the search giant’s own advertising business, the regulator announced today. ”We present our concerns with Privacy Sandbox not only as a browser maker, but as individuals worried that Privacy Sandbox threatens what makes the Web special and unique: that users can modify their Web experience to best suit their needs and wants, and that features in the Web are designed first and foremost to benefit users.”
  • 22. Recommendations • Identify if online services/software offerings/apps include processing of children’s data (any the relevant restrictions) • Review SOPs and practices relating to use of social networks and any in-house mobile apps (for excessive processing and tracking) • Adopt Data protection by Design & by Default to ensure there are sufficient protections in place especially for children’s data • Recommended course: Mobile Apps - Privacy by Design and Design Thinking) • Conduct relevant due diligence/DPIA of outsourced of mobile and to third-party developers
  • 23. Transition from data protection to data governance as demand for data protection related expertise grows 4
  • 24. Data Protection Laws in the Region Countries with Comprehensive Laws covering the public sector Thailand PDPA (2022) Indonesia PDPL (end 2022*) Singapore PDPA (2012) Amendments 2021 Feb Malaysia PDPA (2010) Upcoming amendments Philippines DPA (2012) India DPDP Bill (2023) China PIPL (2021) General Data Protection Regulation (GDPR) in EU Requirements for DPO Before GDPR After GDPR Vietnam PDP Draft (2023/24) Brunei PDP (2023/24) American Data Protection and Privacy Act (2023/24) More data protection laws being introduced…
  • 25. 25 +125% From 2021 to 2022, no. of positions increased by record 125% Growth in Data Protection Jobs – 1 month job postings Impact of first PDPC enforcements Intensified PDPC enforcements (Singhealth) Momentum for demand for Data Protection expertise continues 59% CAGR over 6 years Covid19 Pandemic
  • 26. 26 From 2021 to 2022, no. of positions increased by 125% There is also a significant increase of Data Governance Specific Roles by 272% in 2022. +259% No. of Jobs Growth in Data Protection Jobs – 1 month job postings
  • 27. 27 Trend of Jobs in Sole DPO / DP Office vs Jobs with DP Requirements Record growth driven by job roles with data protection requirements
  • 28. 28 Growth in “DATA GOVERNANCE” Mentioned in “Data Protection Related Jobs No. of Jobs +608%
  • 29. Recommendations • Propose starting a data governance team within your organisation (if applicable). • Shortage of data protection expertise means increased job opportunities and better career progression for individuals trained in Data Protection and Data Governance. • Consider advanced diplomas in data protection / governance from SMU • Be familiar with the General Data Protection Regulation (GDPR) and new regional laws. • Get certified with the International Association of Privacy Professionals • Get involved with Data Protection and Data Governance practitioners’ communities • Join our DPEX network community and social media groups
  • 30. Increased Focus on AI Governance and ethics as EU passes new AI Governance Law 5
  • 31. How Hackers Use AI and Machine Learning Using Deep Fakes Social Engineering Faster Password Guessing More Sophisticated Phishing Emails
  • 32. A high-profile tax fraud scheme has raised more concerns about China’s lax data security practices, especially as it relates to the country’s widespread use of facial recognition. In the scheme, a pair of fraudsters used facial images purchased on the black market to create synthetic identities and set up a shell company that issued fake tax invoices worth as much as 500 million yuan (approximately $76.2 million USD). 18 Oct 2021 An unprecedented cybercriminal incident was detected in the United Arab Emirates (UAE), where the manager of a bank was deceived by hackers who used a complex technique to bypass security systems and steal a millionaire figure. According to the report, the threat actors employed an artificial intelligence tool to clone the voice of a business owner, whose accounts were at the attacked bank, allowing them to trick the manager into authorizing $35 million USD of bank transfers. By Catherine Stupp Updated Aug. 30, 2019 12:52 pm ET Previous incidents involving AI / Deep Fakes
  • 33. Binance Chief Communications Officer Patrick Hillmann wrote in a blog post last week that internet scammers had been using deepfake technology to copy his image during video meetings. He started to catch on to this trend when he received messages from the leadership of various crypto projects thanking him for meetings he never attended. 2022 Incident involving AI / Deep Fakes Simon Cowell “Singing” on AGT
  • 34. Governing the Use of AI. AI Ethical Principles • Respect for human values • Professional responsibility • Fairness and non-discrimination • Privacy, accountability • Transparency and explainability • Human control of technology. Common Ethical Principles • Respect for persons • Beneficence • Nonmaleficence • Justice
  • 36. National AI Strategy (Sep 2021) EU AI Act (*2023) Digital Charter Implementation Act (Nov 2022) AI Bill of Rights (Oct 2022) AI Ethical Guidelines (2021) Legal Framework for AI (2021) Global AI Initiatives by Governments First AI Law in EU and its global implications
  • 37. Recommendations • For organisations to reap the benefits of AI and Machine Learning technology - learn to use AI and Machine learning ethically while giving due regard to legal and privacy considerations • Refer to IMDA’s Model AI Governance Framework • For individuals to increase their value to the organisation - utilise opportunities created by the advent of AI and Machine Learning by taking on Data Governance competencies. • Recommended course: Data Ethics and AI Governance Frameworks with SMU
  • 38. Summary: 5 Data Protection Trends 1) Ongoing digital transformation will create increased privacy and security threats 2) Continued increase in privacy breaches and enforcements beyond data security 3) Transition from data protection to data governance as demand for data protection related expertise grows 4) More regulatory actions expected against improper/unfair use of social media, surveillance and children’s data 5) Increased Focus on AI Governance and ethics as EU passes new AI Governance Law
  • 40. Look for Straits Interactive and click “LIKE” JOIN our chat groups (tips, guidance, updates, job opportunities) Indicate in interest form
  • 41. www.dpexnetwork.org We run the region’s largest Data Protection Excellence Network (dpexnetwork.org) (join as a Free member) Free Webinars • CXO Roundtable • DPO Roundtable • DPOinBOX Academy (CPE points applicable) Resources • 5 minutes videos (enforcements) • Real-time news on Data Protection
  • 42. Data Protection Principles – SG, HK, India Data Protection Principles – PH, MY Data Protection Principles – Indonesia, Thailand, Rest of the World Data Protection Principles – Taiwan, China GDPR & Application on Asia Data Protection Framework and Standards Advanced Certificate in Data Protection Operational Excellence Advanced Certificate in Data Protection Principles 1 2 3 4 6 5 A Practical Approach to Data Protection for DPOs 1 Information & Cyber Security for Managers 2 Data Protection Management Programme (DPMP) 4 Advanced Data Protection Techniques: Data Protection by Design, DPIA & DPTM 3 Data Protection Trends & the Roles of the DPO 5 Data Protection Route
  • 43. Mobile Applications - Privacy by Design and Design Thinking Concepts and Principles of Records Management in Today’s Digital Environment Implementing a Compliance Management System ISO37301 Implementing the Privacy Information Management Standard ISO27701 Data Protection Risks and Audit Management Digital Data Governance Frameworks and Standards Crisis Communications and Data Breach Response for DPOs 1 2 3 4 6 5 Adv Cert in Governance, Risk Mgmt, Data Compliance Adv Cert in Data Governance Systems (Launched 2022) Data Governance Route GRCP – GRC Certifications Managing Performance, Stakeholders, Team Strengths for Data Governance Data Ethics and AI Governance Frameworks Policy and Third Party Management of Data Governance, Risk, Compliance: A Hands-on Approach Business Continuity Management for Managers 1 2 3 4 6 5
  • 45. DGO GRC and Data Governance Professionals Awarded by Open Compliance Ethics Group (OCEG) Governance Professional Certification Route Validates that you understand and can apply GRC in your organization. It ensures that you have the versatile skill set to integrate and advise on governance, strategy, performance, risk, compliance, ethics, internal control, security, privacy, and audit activities. A holistic approach to governance, risk, and compliance, with a specific focus on the data privacy / protection domain. Perfect for anyone who works directly or indirectly in any aspect of data privacy, protection, or governance. IDPP helps to integrate what you do with the other departments and disciplines, including mainline business operations.
  • 46. Integrated Data Privacy Capability Model • The Integrated Data Privacy Capability Model includes standards for management actions and controls upon which an organization may build an integrated approach to data privacy that addresses compliance and risk concerns
  • 47. • Sign up as an OCEG member at OCEG.org • Download the beta version of IDPM • Get the All Access Pass (US$399) • Prepare for the IDPP exam • Take the hybrid course with Straits Interactive (recommended, optional) to get the detailed training and hands-on experience • Pass the exam and maintain the certification! How to get Certified…
  • 48. Hands-on Training to Become an IDPP Existing OCEG members with the All Access Pass (AAP): Special Promotional Price* US$600 (RRP US$999) New to IDPP (includes All Access Pass) Special Promotional Price* - With a Coupon Code US$999 (RRP US$1,299) Start date: 14 Mar 2023 What is included: • All Access Pass US$399 • Access to IDPM eLearning portal • Enforcement video clips • 3 weekly “live” training sessions over 3 weeks (1 hr each) • Hands-on training with data privacy management software • Capstone project with instructor feedback
  • 49. “The course has a definitive guide for Data Protection Officers who are looking towards being operationally ready. What I learned the most would be the specific steps in preparing a robust data protection management programme.” “Relevant to my consulting practice going forward [the Model] provides a more detailed framework to advise clients on how to set up their privacy management plan.” “The ‘learn and align’ [component structure] provides a good way to frame the settings for our consulting with the management to align with their business objectives and enrol support.” “The training provides in detail the steps required to set up a data privacy programme (right from the start).” “The training is very useful, how we combine data privacy knowledge and GRC perspective.” “Found it useful to have understood the privacy framework in the larger context of GRC.” Testimonials
  • 50. Corporate staff Awarded by DPEX Network Elearning for Corporates and Individuals Certified Data Protection Practitioner Certified Data Governance Practitioner This certification programme is designed for DPOs, DGOs, Compliance officers and professionals who are looking to get recognition as a preferred and certified practitioner in data governance management. This programme aims to provide participants with the knowledge and tools to implement data governance systems or Data Protection in the organisation. It is also an opportunity for participants to gain hands-on experience through project work. Corporate eLearning for staff ● Flexible Staff Training ● Trackable by the Organisation This interactive e-learning module traverses the Information Life Cycle and the data protection obligations and principles most applicable at each stage. Includes: • Case studies of actual enforcement • Importance of policies and the actions to mitigate risks • Accountability tools to protect personal data in the Organisation Individuals
  • 51. Keeping your staff abreast of data protection obligations and operational risks, from existing staff to new staff is a challenge. Every person in an organisation plays a part in data protection. The simplest of mistakes could well lead to a data breach.
  • 52. SPEED Interested in using e-Learning to enhance your staff training? Contact us at sales@straitsinteractive.com