Governance & Risk Management

Hong Kong, Singapore to Cooperate on Cybersecurity

Agree to Information Sharing, Joint Research
Hong Kong, Singapore to Cooperate on Cybersecurity

Hong Kong and Singapore have signed a cybersecurity memorandum of understanding that establishes a data protection information sharing mechanism and calls for joint research projects.

See Also: Restructuring Your Third-Party Risk Management Program

"The objective is to strengthen cooperation between Hong Kong and Singapore to provide a solid framework for promoting collaborative initiatives and information exchange in personal data protection," says Stephen Kai-yi Wong, Hong Kong's privacy commissioner for personal data.

Tan Kiat How, Singapore's privacy commissioner for personal data, adds: "A strong collaborative effort with our counterparts in Hong Kong and other jurisdictions is needed to advance personal data protection and prepare for a digital economy."

The Goals

The goals of the agreement, the two leaders say, are:

  • Build a solid framework for information sharing on data protection;
  • Prepare both countries to face threats in the "post-digital" era;
  • Conduct joint research on cybersecurity best practices and breach investigations;
  • Adopt data protection by design.

The two countries had initial discussions in September 2018 about exploring opportunities to develop bilateral platforms for the advancement of personal data protection.

As part of the enhanced cooperation, Hong Kong and Singapore are also releasing a jointly developed "Guide to Data Protection by Design for ICT Systems." The guide encourages organizations to proactively incorporate data protection when developing information and communications technology. It provides advice on all phases of software development and spells out good data protection practices.

Earlier, Singapore also signed an agreement on information sharing with India to establish formal cooperation among the two nations' CERTs on building an incident prevention and response mechanism and an information sharing platform to tackle cybersecurity challenges. (See: India & Singapore Agree on Information Sharing)

Big Breaches

Hong Kong and Singapore have both recently experience mega-breaches, which have spurred them to collaborate on breach prevention efforts.

Cathay Pacific Airways in Hong Kong was hit by a breach revealed last October that involved unauthorized access to personal details on 9.4 million passengers. (See: Cathay Pacific Breach: What Happened? )

In 2017, a SingHealth data breach affected 1.5 million individuals. The Personal Data Protection Commission imposed financial penalites against both Integrated Health Information Systems Pte.Ltd., or IHiS, and SingHealth totaling 1 million Singapore dollars ($738,000), the highest it has ever levied (see: Staff Disciplined in Wake of Singhealth Breach)

Data Protection by Design

The new jointly developed guide to data protection by design recommends key steps, including:

  • Conducting a data protection impact assessment during the systems development life cycle to help identify and assess the gaps and risks in the design of new systems;
  • Minimizing collection of personal data unless there is a valid purpose;
  • Collecting information on personal identifiers only when absolutely necessary;
  • Obtaining individuals' consent for collecting, using and disclosing their personal data;
  • Spelling out security requirements to information and communications technology vendors that must be documented as part of the scope of work.

Even if organizations delegate work to vendors, they must ultimately take responsibility for the personal data that they have collected from their customers, the privacy commissioners say.

About the Author

Geetha Nandikotkur

Geetha Nandikotkur

Managing Editor, Asia & the Middle East, ISMG

Nandikotkur is an award-winning journalist with over 20 years' experience in newspapers, audio-visual media, magazines and research. She has an understanding of technology and business journalism, and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a Group Editor for CIO & Leader, IT Next and CSO Forum.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.