Ricky Cheng
Companies are increasingly facing reputational risk, enhanced scrutiny and legal and financial consequences for mismanaging personally identifiable information. There are notable reasons for this, including:
Digitalisation and personalisation
Increased digitalisation and personalisation leveraging user data has made our world more connected and convenient. However, this can come at, literally, a significant cost. Personal data is a prime target for cybercriminals. It has real monetary value on the dark web. Banking credentials, health information, drivers' licenses, credit cards, social media, social security and other personal data can be bought and sold on the dark web.
Shifting consumer sentiment
Recent news of high-profile data breaches and data misuse has affected user attitudes towards personal data collection. In response, many users have changed privacy settings, removed a social media account or declined terms of service. Companies are expected to do more to protect the data privacy of their internal and external stakeholders.
Increased regulatory requirements
To comply with privacy regulations such as the Personal Data (Privacy) Ordinance (PDPO) and the General Data Protection Regulation (GDPR), among other privacy requirements, companies need to invest in data protection strategies by defining their policies and determining the necessary controls to protect personal information.
Innovative new uses of data
The proliferation of artificial intelligence and machine learning applications to collect and analyse consumer data is a double-edged sword without fully established data privacy and security controls. If this technology is used properly, it enables organisations to make more meaningful business decisions, but in the wrong hands, and if breaches go undetected, this technology becomes a weapon and can create untold operational chaos.
The onus is on the company to protect data privacy through internal control measures and cybersecurity resilience. Personally identifiable information may encompass a broad range of personal information, such as commercial, electronic, behavioral, biometric, financial and educational information, amongst others. When formulating data privacy measures, a company shall ensure compliance with the principles as stated in the PDPO, including:
The questions below may prompt you to consider whether your company's business model interacts with data privacy and whether further action is needed to mitigate the associated risks:
BDO partners with its clients to ensure compliance with data privacy regulations. Our data privacy capabilities and expertise allow us to serve companies on data privacy and information governance. BDO's pragmatic approach ensures a cost-effective and efficient road to compliance. Our legal, operational, IT and privacy expertise provides a multidisciplinary team that works seamlessly across your organisation.
We offer a full range of data privacy services
Managed services
Assessment
Implementation and remediation
Technology support
Other support