Data breaches in Singapore, Australia and Hong Kong attract the highest penalties in Asia Pacific-Japan, while Japan, India and Thailand sit at the bottom of the scale, says a recent IDC study commissioned by Dell EMC.
With new threats emerging daily, regulations and legislation are becoming harsher to ensure organisations handle data responsibly. The IDC InfoBrief, titled Data Risk Management Barometer – Gauging Asia Pacific’s Potential, measured legislation and penalties for data breaches. It showed large-scale differences in penalties across 14 APJ markets, underscoring the importance of businesses, particularly multinationals, being aware of the variations in data privacy laws in the markets in which they operate.
In Malaysia, the maximum penalty that may be imposed for data privacy breaches is RM300,000. Singapore imposes fines up to S$1m for non-compliance with any of its data protection provisions. Australia imposes fines up to A$1.7m. Japan and India levy the lowest fines at 1m yen and 500,000 rupees, respectively.
As more organisations across the region become digitally driven, data privacy will become a higher priority. “Being data-driven is inevitable for organisations transforming digitally as they use data to transform their products, services and strategies,” said Dmitri Chen, vice president, specialty sales, Asia Pacific & Japan, Dell EMC. “But there is also a greater risk – the attack surface is expanding and so too are the requirements for how this data is managed. Organisations must build and optimise scalable secure IT environments today.”
The IDC barometer highlights how regulatory changes present an opportunity for businesses to drive improved data management. “Data privacy regulations are an impetus for the development of better data management strategies, for example, it is exacerbating the data protection gaps in existing backup infrastructure,” said Simon Piff, vice president, IT security practice business, IDC Asia Pacific. “Over time, more countries in the region will take proactive steps for strengthening critical information infrastructure, and the European Union General Data Protection Regulation will further galvanise this.”
The IDC InfoBrief identified three key areas of good data management to minimise risk: security, privacy, and business continuity. Security has to ensure that data is safely captured and stored with data integrity. Privacy has to ensure personally identifiable information carries the levels of security, accessibility and ability to be deleted, as defined by the various pieces of legislation. Business continuity and risk management planning should also facilitate access to data at all times. IT infrastructure considerations must prioritise these areas in order to ensure compliance.