Newsletter:

Technology Updates - Issue 3/2022

15 September 2022


Innovation and technology are one of the drivers for organisation growth and enhancing competitiveness of different industries.  In our 'Technology Updates', it will include the latest updates about cybersecurity, emerging technology & data privacy for your reference:


HKMA's new Guidance on Cloud Computing

On 31 August 2022, the Hong Kong Monetary Authority (HKMA) issued their guidance on the HKMA's supervisory expectations with respect to the adoption of cloud computing.

The key principles that authorized institutions (AIs) should pay attention to before they adopt cloud computing cover:

  • Governance framework
  • On-going risk management and controls
  • Protection of access and other legal rights
  • Risk management capabilities


AIs should note that the above principles serve to complement, and should be read in conjunction with, relevant existing HKMA guidance. These include SPM Modules SA-2 on 'Outsourcing', OR-2 on 'Operational Resilience' and TM-G-1 on 'General Principles for Technology Risk Management'.


Read more from the source:
https://www.hkma.gov.hk/media/gb_chi/doc/key-information/guidelines-and-circular/2022/20220831c1.pdf


Public consultation on addressing cyber-dependent crimes

On 20 July 2022, the Law Reform Commission launched a three-month public consultation on addressing cyber-dependent crimes.

The consultation paper made preliminary proposals for law reform in order to address the challenges to protection of individuals' rights caused by the rapid developments associated with information technology, computers and the Internet, and the potential for them to be exploited for carrying out criminal activities.

Among others, the paper recommended that a new piece of bespoke legislation on cybercrime should be enacted to cover five types of cyber-dependent offences.

These crimes are: illegal access to program or data, illegal interception of computer data, illegal interference of computer data, illegal interference of computer system, and making available or possessing a device or data for committing a crime.


Read more from the source:
https://www.news.gov.hk/eng/2022/07/20220720/20220720_121439_484.html


PRC's Measures for Security Assessment of Data Exports effective in September

Cyberspace Administration of China (國家互聯網信息辦公室, CAC) launched the Measures for Security Assessment of Data Exports (《數據出境安全評估辦法》) and the Measure became effective on 1 September 2022. CAC emphasized the Measures were to protect the individual rights of personal data, national security and social benefits while the Measures were to promote data being lawfully and orderly exported, in accordance with the Cybersecurity Law (《網絡安全法》), the Data Security Law (《數據安全法》) and the Personal Data Protection Law (《個人信息保護法》).

Data processors are required to apply to the CAC for security assessment via their local provincial-level cyberspace authorities given that:

  • They provide critical data abroad;
  • They are operators of critical information infrastructure, or they process over 1,000,000 people’s personal information;
  • They have cumulatively exported the personal data of over 100,000 individuals or the sensitive personal data of 10,000 individuals abroad since 1 January of the previous year; or
  • They encounter the particular circumstances which the CAC requires data export security assessment.


Read more from the source:

http://www.cac.gov.cn/2022-07/07/c_1658811536594644.htm

http://www.cac.gov.cn/2022-07/07/c_1658811536396503.htm

http://www.cac.gov.cn/2022-08/31/c_1663568169996202.htm


How can BDO help?

In the post-pandemic economy, business operations as well as industry supply chains are facing paradigm shift. Individual organisations ought to implement digital transformation in order to adopt 'New Normal'.

However, there are lots of challenges, such as: what technology should be taken, how the new technology should be deployed, how IT security should be safeguarded and how the regulatory requirements should be fulfilled.

BDO IT Advisory team is formed by a group of experienced business-technology professionals. They possesses the experiences and know-how in enterprise solution deployment, information technology / information system audit, information security management, business process re-design and business-technology change management. 

Get in touch to see how we can help your organisation!