INTERNET GOVERNANCE
CYBERSECURITY, PRIVACY AND DATA PROTECTION
PROFESSOR ABU BAKAR MUNIR
FACULTY OF LAW
UNIVERSITY OF MALAYA
MALAYSIA
2nd ASIA PACIFIC REGIONAL INTERNET GOVERNANCE
17 JUNE 2011
SUNTEC SINGAPORE
Regulators pressure banks after Citi
data breach
(Reuters) - Major U.S. banks came under growing
pressure from banking regulators to improve the security
of customer accounts after Citigroup Inc became the
latest high-profile victim of a cyber attack.
• Cybersecurity is one of
the risks that the world
will have to face in the
next ten years
• CEO of Sony Corporation
“Cybercrime is not a
brave new world - It’s a
bad new world”
Privacy & Data Protection
•
•
•
•
•
The right to be left alone
Informational privacy
Bodily privacy
Privacy of communications
Territorial privacy
Informational Privacy and Data Protection
Informational Privacy
The rights of an individual to have control over his personal
information
Informational Privacy = Personal Data Protection
7
International Instruments





OECD Guidelines 1980
Council of Europe Convention 1981
European Directive 1995
APEC Privacy Framework 2004
Madrid Resolution 2009
National Approaches




Comprehensive Legislation
Legislation + Self-Regulatory
Self–Regulatory
Doing Nothing
Comprehensive Legislation

All EU countries, including the 10 new member states (Cyprus,
Czech Republic, Estonia, Hungary, Latvia, Lithuania, Malta,
Poland, Slovakia and Slovenia)

Japan, Korea, New Zealand, Australia, Hong Kong, Macao,
Taiwan, Thailand, Philippines

Chile, Argentina, Brazil, Mexico

In Middle East, only Israel

Indonesia and China are working on a comprehensive data
protection law.
10

Legislation + Self-Regulatory
USA – Privacy Act 1974 + 12 federal sectoral
based legislation + State Laws + Safe Harbour

Self-Regulatory
Singapore - does not work, now in the process
of developing a data protection law
11
Doing Nothing so far





Brunei
Vietnam
Laos
Cambodia
Many more
12
Some Developments in Asia

Macao enacted her Personal Data Protection Act in 2006

China has came out with several drafts of the law, and the latest in 2007

India amended her Information Technology Act in December 2008. Some new provisions are added to
protect privacy and personal data

Indonesia came out with a draft Bill in 2009

Thailand has developed a draft Bill in 2010

Taiwan amended her old law and passed a more comprehensive Personal Data Protection Act in April 2010

Malaysia has passed her Personal Data Protection Act in June 2010

Korea came out with a more comprehensive law in March 2011

The Philippines Congress is currently debating the bill to protect personal data

Australia and Hong Kong are reviewing their Privacy Act and Privacy Ordinance respectively

Singapore is currently developing ner law and is expected to be ready by 2012

In April 2011, the EU Working Party decided that the New Zealand Privacy Act is adequate
THE
KEY FEATURES OF
DATA PROTECTION
DATA PROTECTION
PRINCIPLES
DATA SUBJECTS
RIGHTS
EXEMPTIONS
ENFORCEMENT
MECHANISMS
SANCTIONS



DATA BREACH NOTIFICATION?
WHEN?
WHO?
abmunir@um.edu.my
profabm.blogspot.com
+6012 2185242