International companies should keep in mind recent developments coming out of Asia on the privacy front. Chinese authorities are reported to be confiscating smartphones at the border to install surveillance apps. Companies will want to think carefully about the assets they bring into the country. They will also want to keep in mind the Chinese Ministry of Public Security’s ability to conduct remote penetration tests, perform in-person network security inspections (which may involve local police), and prosecute organizations if state-prohibited or unlawful data is discovered during inspections. The state maintains a right to copy data, including proprietary information like IP and trade secrets, discovered during inspections without disclosure. These responsibilities come under the “Regulations on Internet Security Supervision and Inspection by Public Security Organs,” which expanded China’s 2017 privacy law.
On the data breach investigation front, Singapore and Hong Kong have agreed to a memorandum of understanding to a shared personal data protection program to make it easier to go after cyber threats. This comes after two major data breaches in 2018. As part of this joint program, the two have developed a publicly available joint guide to data protection for info-communications and technology systems.
Putting it Into Practice: These developments are a reminder both that data security remains an issue of concern worldwide, and that companies should think about the corporate assets they have that governments may access.