Photo of Charmian Aw

Charmian Aw

Please join us at these upcoming events to hear the latest trends, updates and insights in data privacy. For more information, contact the presenters or your relationship attorney.

  • Shanghai: On September 5th 2024, Scott Warren and the Squire Patton Boggs Shanghai office are hosting a “Tea at Three PM” cyberbreach training for

On August 22, 2024, the Singapore Computer Society, with support from the Infocomm Media Development Authority (IMDA), released the AI Ethics & Governance Body of Knowledge Version 2.0 (BoK 2.0). This latest edition represents a significant advancement in the ongoing effort to guide the ethical and responsible implementation of artificial intelligence (AI) technologies.

Background

BoK 2.0 was developed in response to the rapid advancements in AI technologies, and their increasing integration into everyday applications and solutions. The updated framework addresses practical issues related to human safety, fairness, privacy, data governance and general ethical values in AI deployment.Continue Reading Singapore Strengthens Her Commitment to Responsible AI with the Release of AI Ethics and Governance Body of Knowledge Version 2.0

On July 15, 2024, the Personal Data Protection Commission of Singapore (PDPC) released its Proposed Guide on Synthetic Data Generation (Guide). The Guide is a key resource within the Privacy Enhancing Technology (PET) Sandbox which aims to assist organisations in understanding the techniques and potential applications of Synthetic Data (SD) generation, particularly in the context

Singapore has published and is inviting public feedback on two proposed sets of guidelines for securing AI systems.

The first is the Guidelines on Securing AI Systems, intended to help system owners secure AI throughout its life cycle. These guidelines are meant to provide principles to raise awareness of adversarial attacks and other threats that could compromise AI system security, and guide the implementation of security controls to protect AI against potential risks.

The second is the Companion Guide for Securing AI Systems, which is intended to be a community-driven resource for supporting system owners and will entail the Cybersecurity Agency of Singapore (Agency) working closely with AI and cybersecurity practitioners to develop it.

Noting that AI “offers significant benefits for the economy and society”, including driving “efficiency and innovation across various sectors, including commerce, healthcare, transportation, and cybersecurity”, the Agency also stressed that AI systems must “behave as intended”, and that the outcomes must be “safe, secure, and responsible”. Such objectives are put at risk when AI systems are vulnerable to adversarial attacks and other cybersecurity risks.Continue Reading Singapore Consults on Cybersecurity Guidelines for AI Systems

Malaysia’s Personal Data Protection Act (PDPA) was enacted in 2010 and came into force in November 2013, making Malaysia the first country in the Association of Southeast Asian Nations (ASEAN) to enact comprehensive privacy legislation.

On July 31, 2024, the Personal Data Protection (Amendment) Bill 2024 (PDP Bill) was passed by the Dewan Negara (Malaysia’s Senate). It is expected to receive royal assent and thereafter come into force on a date to be appointed by the Minister of Digital by notification in the Gazette.

The PDP Bill introduces significant amendments to the PDPA, including specific definitions, new obligations on data controllers and stricter penalties for non-compliance. These amendments align the PDPA with internationally recognised standards, positioning Malaysia alongside its regional peers in Asia-Pacific, including Singapore, Indonesia, the Philippines, Thailand and Vietnam.

According to Malaysia’s Digital Minister, Gobind Singh Deo, these changes are driven by rapid technological advancements that necessitate society’s reliance on digital platforms for business, coupled with an expectation of protection. His comments come in response to a recent rise in complaints regarding the misuse and breach of personal data, an increase in personal data breaches, and a growing number of online fraud cases.

We outline below key changes brought about by the PDP Bill and its impact on businesses:Continue Reading Malaysia Pushes Out Groundbreaking Amendment to Personal Data Protection Act – Impact on Businesses

You are cordially invited to join us for the International Association of Privacy Professionals’ 2-day conference in Singapore on July 17-18.

Our Singapore-based partner, Charmian Aw, will be moderating a panel titled “Data Sovereignty: Nebulous and Evolving, But Here to Stay in 2024?”, comprising distinguished speakers from Singapore’s Personal Data Protection Commission

In this blog post, we breakdown the new Vietnamese cybersecurity regulations which apply to both Vietnamese and foreign organisations. Alongside the ongoing consultation for the Ministry of Public Security’s proposed data law, Vietnam is taking steps to move towards a data protection compliance regime in line with other countries and regions, such as the EU – something of particular relevance in a country with one of highest internet user growth rate (nearly 80 million internet users).

What Is the CAS Decree?

The Cybersecurity Administrative Sanctions Decree (CAS Decree) is a decree unveiled by the Vietnamese Ministry of Security to the Ministry of Justice in mid-May 2024.

The first draft was published for consultation in September 2021 and has undergone multiple revisions following public consultations.Continue Reading Summarising the New Vietnamese Cybersecurity Regulations

The Monetary Authority of Singapore (Authority) has published an information paper titled “Data Governance and Management Practices – Observations and Supervisory Expectations from Thematic Inspections”.

What Does the Paper Cover?

The paper focuses on data governance practices that address data quality risk. It incorporates a set of supervisory expectations, aimed at guiding financial institutions in enhancing their data management capabilities in accordance with the Basel Committee on Banking Supervision’s Principles for Effective Risk Data Aggregation and Risk Reporting (Basel Principles).

The paper contains observations from thematic inspections on data governance and management of systematically important banks in Singapore, specifically:Continue Reading Singapore Publishes a Data Governance Paper for the Financial Sector

In May 2024 alone, Singapore’s data protection regulator, the Personal Data Protection Commission (Commission) has issued three enforcement decisions that imposed a total of SG$102,000 (approximately US$76,000) in regulatory fines for infringements of Singapore’s Personal Data Protection Act (Act).Continue Reading Singapore Ramps Up Data Protection Enforcement – Five Useful Takeaways