INTERNET GOVERNANCE CYBERSECURITY, PRIVACY AND DATA PROTECTION PROFESSOR ABU BAKAR MUNIR FACULTY OF LAW UNIVERSITY OF MALAYA MALAYSIA 2nd ASIA PACIFIC REGIONAL INTERNET GOVERNANCE 17 JUNE 2011 SUNTEC SINGAPORE Regulators pressure banks after Citi data breach (Reuters) - Major U.S. banks came under growing pressure from banking regulators to improve the security of customer accounts after Citigroup Inc became the latest high-profile victim of a cyber attack. • Cybersecurity is one of the risks that the world will have to face in the next ten years • CEO of Sony Corporation “Cybercrime is not a brave new world - It’s a bad new world” Privacy & Data Protection • • • • • The right to be left alone Informational privacy Bodily privacy Privacy of communications Territorial privacy Informational Privacy and Data Protection Informational Privacy The rights of an individual to have control over his personal information Informational Privacy = Personal Data Protection 7 International Instruments OECD Guidelines 1980 Council of Europe Convention 1981 European Directive 1995 APEC Privacy Framework 2004 Madrid Resolution 2009 National Approaches Comprehensive Legislation Legislation + Self-Regulatory Self–Regulatory Doing Nothing Comprehensive Legislation All EU countries, including the 10 new member states (Cyprus, Czech Republic, Estonia, Hungary, Latvia, Lithuania, Malta, Poland, Slovakia and Slovenia) Japan, Korea, New Zealand, Australia, Hong Kong, Macao, Taiwan, Thailand, Philippines Chile, Argentina, Brazil, Mexico In Middle East, only Israel Indonesia and China are working on a comprehensive data protection law. 10 Legislation + Self-Regulatory USA – Privacy Act 1974 + 12 federal sectoral based legislation + State Laws + Safe Harbour Self-Regulatory Singapore - does not work, now in the process of developing a data protection law 11 Doing Nothing so far Brunei Vietnam Laos Cambodia Many more 12 Some Developments in Asia Macao enacted her Personal Data Protection Act in 2006 China has came out with several drafts of the law, and the latest in 2007 India amended her Information Technology Act in December 2008. Some new provisions are added to protect privacy and personal data Indonesia came out with a draft Bill in 2009 Thailand has developed a draft Bill in 2010 Taiwan amended her old law and passed a more comprehensive Personal Data Protection Act in April 2010 Malaysia has passed her Personal Data Protection Act in June 2010 Korea came out with a more comprehensive law in March 2011 The Philippines Congress is currently debating the bill to protect personal data Australia and Hong Kong are reviewing their Privacy Act and Privacy Ordinance respectively Singapore is currently developing ner law and is expected to be ready by 2012 In April 2011, the EU Working Party decided that the New Zealand Privacy Act is adequate THE KEY FEATURES OF DATA PROTECTION DATA PROTECTION PRINCIPLES DATA SUBJECTS RIGHTS EXEMPTIONS ENFORCEMENT MECHANISMS SANCTIONS DATA BREACH NOTIFICATION? WHEN? WHO? abmunir@um.edu.my profabm.blogspot.com +6012 2185242