Pandemic brings new data risks

Pandemic brings new data risks

More privacy breaches could arise from greater digitisation and workfrom-home surveillance, says Data Protection Excellence Centre

Southeast Asia can expect to see more specific privacy breaches attributed to continued pandemic conditions this year, according to the Data Protection Excellence (DPEX) Centre, the learning and research arm of Singapore-based Straits Interactive.

First, as the impact of the Omicron variant is being felt worldwide, digitisation and surveillance efforts are expected to continue at government and organisation levels. This will create more privacy issues and breaches due to the following factors:

  • Verifying and monitoring vaccinated individuals and those with Covid-19 for a legitimate purpose, but with privacy impacts on individuals;
  • Stricter contact tracing requirements through vaccinated travel lanes, including mandatory requirements to download contract tracing mobile apps at travel destinations;
  • Digitisation and transformational activities of companies with little regard to security and privacy requirements at the design level.
  • In addition, in light of continued lockdowns and work-from-home requirements, the DPEX Centre expects continued breaches of data protection laws to result from:
  • Increased spamming activities from companies;
  • Software for monitoring employees becoming more prevalent and the use of new intrusive technologies (including artificial intelligence), especially in mobile apps;
  • Continued cyberattacks, as well as identity theft and phishing, involving sophisticated technologies (for example, deepfakes).

“Expect to see more sophisticated breaches created by the pandemic situation in 2022 — whether it involves a data breach in a contact tracing app, unauthorised use of Covid-19-related personal data, or via the use of new privacy-intrusive technologies to profile or perform surveillance of individuals,” said Kevin Shepherdson, chief executive of Straits Interactive.

“Combine this with newly updated or newly introduced data protection laws — such as China’s Personal Information Protection Law — as well as the upcoming laws in the region, in India, Thailand and Indonesia, we expect demand for data protection expertise and data protection officers to continue to grow.”

In November 2021, the DPEX Centre reported that dedicated DPO jobs in Singapore increased by 54% from 2020, with an estimated 3,700 data protection-related jobs created in 2021.

One trend the centre noted last year was towards third-party management of personally identifiable information (PII) due to automation, digitisation and WFH initiatives.

Amid continued disintermediation and diversification of supply chains, PII processing has become more challenging, especially from a third-party management perspective. There are also requirements for cross-border data transfers and extraterritorial applications.

Organisations and their data processors/intermediaries need to be clear with their respective roles under data protection laws, said the DPEX Centre. It points to some notable breaches in Singapore arising from third parties, including one involving a Fullerton Health vendor, Volkswagen and Audi vendors and a Singtel third-party vendor.

More cases of privacy breaches involving intrusive mobile apps as a result of Covid and ongoing automation were also seen in 2021. One example was WhatsApp’s privacy policy update controversy, and numerous breaches related to mobile apps included Babylon Health, Flo, Line and Indonesia’s contact tracing app.

As public awareness of privacy grows, the importance of certification both at the corporate and individual level will continue to gain momentum, driven by local data protection authorities.

Authorities in Singapore and the Philippines are leading the way in the region in encouraging local data protection officers and professionals to be certified, the DPEX Centre said.

Do you like the content of this article?
COMMENT

FTX missing billions remain a mystery

Mystery continues to shroud the missing billions at the bankrupt crypto exchange FTX after its disgraced founder Sam Bankman-Fried denied trying to perpetrate a fraud while admitting to grievous managerial errors.

1 Dec 2022

CJ Express weighs B18-billion IPO

CJ Express Group Co, the retail chain founded by the energy drink tycoon Sathien Setthasit, is considering an initial public offering to raise at least 18 billion baht, according to people familiar with the matter.

1 Dec 2022

UK royals show ruthlessness in race row

LONDON: The timing could not have been worse for Britain's royal family, not long after one racial reckoning involving Prince Harry and ahead of a new publicity blitz from the maverick "spare heir".

1 Dec 2022