legaltech asia data privacy laws update

10
LegalTech Asia DATA PRIVACY LAWS UPDATE Edward Chatterton 4 March 2013

Upload: herman-poole

Post on 30-Dec-2015

37 views

Category:

Documents


2 download

DESCRIPTION

LegalTech Asia DATA PRIVACY LAWS UPDATE. Edward Chatterton 4 March 2013. Agenda and Introduction. International data protection landscape – trends Asia Pacific Data Privacy Heat Map and recent developments Why it is relevant to Law firms and their IT Departments - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: LegalTech Asia DATA PRIVACY LAWS UPDATE

LegalTech AsiaDATA PRIVACY LAWS UPDATE

Edward Chatterton

4 March 2013

Page 2: LegalTech Asia DATA PRIVACY LAWS UPDATE

Agenda and Introduction

1. International data protection landscape – trends

3. Asia Pacific Data Privacy Heat Map and recent developments

4. Why it is relevant to Law firms and their IT Departments

5. Compliance Building Blocks

6. DLA Piper - Data Privacy Laws of the World

23 August 2012Data Protection Master Class 2

Page 3: LegalTech Asia DATA PRIVACY LAWS UPDATE

No.

of

coun

trie

s w

ith p

rivac

y la

ws

Time Period

The growth of global privacy laws

3

Page 4: LegalTech Asia DATA PRIVACY LAWS UPDATE

Asia Pacific Heat Map

Date of presentationInsert filename here 4

Heat MapRecent Highlights

• Hong Kong – new amendment ordinance passed in June, to come into force in phases starting from 1 October, major provisions coming into force on 1 April 2013

• Philippines – 1st DP law recently passed influenced EU Directive the Asia Pacific Economic Cooperation Information Privacy Framework.

• South Korea – new (and draconian) law came into

force in September 2011

• Malaysia – 1st DP law passed in April 2010, still awaiting to come into force

• Singapore – 1st DP law now passed. Bill published

• Vietnam – consumer protection law (which protects consumer data) took effect July 2011

• Taiwan – new DP act to come into force 1 Oct 2012 (in parts)

Page 5: LegalTech Asia DATA PRIVACY LAWS UPDATE

Why it matters to Law firms and their IT departments?

Law Firms often/always …

Collect customer, employee, supplier, agents… information and store these in centralised marketing databases

Transfer personal data across international borders

Hire employees

Use or process personal data

Transfer personal data to others

Outsource HR and payroll functions to others either within or ourside their corporate group

Provide Consolidated IT services to service multinational practices across separate country based partnerships

Outsource data management functions to others (e.g. cloud)?

Do direct marketing

5

Page 6: LegalTech Asia DATA PRIVACY LAWS UPDATE

… at your own risk

Increasing regulation

Criminal prosecution

Imprisonment

Fines

Reputational damage

Civil actions

Regulatory investigation

Enforcement actions

6

Page 7: LegalTech Asia DATA PRIVACY LAWS UPDATE

Compliance building blocks

7

Page 8: LegalTech Asia DATA PRIVACY LAWS UPDATE

What compliance might look like……

8

Policies and procedures

Statement of requirements

DPA notifications

Global data protection policy

Governance and accountability

• HR • Client data• Direct marketing• Records management• Electronic usage• Security• Social media• Vendors• Cookie• CCTV

Data transfer agreement

Training and awareness

Verification and audit

country variations

country variations

country variations

• Generic code of conduct

• Statement of good practice

• Local law compliance on top of this

• Sets structure for other components

Data Protection Master Class 23 August 2012

Page 9: LegalTech Asia DATA PRIVACY LAWS UPDATE

We already know what the law says….

9Data Protection Master Class 23 August 2012

Page 10: LegalTech Asia DATA PRIVACY LAWS UPDATE

Thank you