Five Data Protection Trends 2022

In 2021, COVID-19 continued to disrupt daily life. Throughout the year, multiple high-profile data breaches made global headlines and brought the privacy landscape to the forefront; i.e., the WhatsApp privacy policy update backlash, the Colonial Pipeline attack, the suspected contact tracing app breach in Indonesia, the possible data breach in the BDO bank hacking incident and the Fullerton Health third-party vendor breach.

With the new year beginning, Straits Interactive's Learning and Research arm, Data Protection Excellence (DPEX) Centre, released its annual regional data protection trends forecast, which includes the following five predictions.

Click here to access the full infographic!

1. Ongoing data and privacy breaches, especially due to COVID-19

The COVID-19 pandemic has expedited digitalisation in all walks of life, creating risks and vulnerabilities leading to an increase in breaches. In 2021, there were cases such as breaches in government contract tracing apps (Malaysia, Indonesia) being reported in the news.

In addition, increased spamming activities from organisations seeking to generate revenue for business survival is also expected. Also, pandemic-related tracing activities, e.g., the verification and monitoring of vaccinated individuals and those with COVID-19, and the implementation of vaccinated travel lanes, pose risks to organisations if data is not handled properly and stored safely. Hackers are also getting increasingly sophisticated as evidenced by the multiple high-profile breaches in 2021 – and cyberattacks are not expected to slow down.

Therefore, companies will need to be more vigilant and implement both data privacy and security measures in order to comply with the data protection regulations such as the PDPA (Personal Data Protection Act).

Join us for our “A Deep Dive into Data Breaches and Cyber Threats” webinar on 19 January to gain greater insight into the 2022 data protection trends here.

2. Intrusive home surveillance due to work-from-home (WFH) practices

With the pandemic not slowing down anytime soon, many organisations have opted for continued work-from-home (WFH) arrangements for the purpose of business continuity and also with their employees’ well-being in mind. Organisations may, however, have also implemented surveillance and monitoring software to ensure that employees are actually working and not abusing this work arrangement. The surveillance and monitoring technologies can be considered intrusive and breach data privacy requirements.

As such DPOs will need to assess any relevant risks, conduct data protection impact assessments on new monitoring software and surveillance measures, as well as review WFH policies to align with these new projects.

3. Continued interest in certification for both organisations, i.e., DPTM, and individuals

There is continued adoption of Singapore’s Data Protection Trustmark (DPTM) as a seal of approval for local organisations to demonstrate data protection accountability. Furthermore, a new Credence Data Trust Rating System, which evaluates organisations based on the robustness of their data protection practices, has also been introduced.

Meanwhile, a new Philippines privacy certification, Philippine Privacy Trust Mark (PPTM), for organisations demonstrates the region’s desire to boost consumer confidence in organisations' management of personal data and to provide a competitive advantage for businesses that are certified.

In addition, an increasing number of individuals are seeking formal privacy expertise and training in order to advance their careers and pursue job opportunities. The Singapore and the Philippines authorities continue to lead the way in the ASEAN region in encouraging local data protection officers and professionals to be certified.

For instance, the Practitioner Certificate in Personal Data Protection course by Singapore's Personal Data Protection Commission (PDPC), an exam-based certification for local DPOs, was extended to three days in 2021. In the Philippines, the National Privacy Commission (NPC) launched its Training the Trainers Program (T3) and expanded the DPO ACE (Accountability, Compliance and Ethics) programme, aimed at establishing a skills benchmark for local privacy professionals.

4. More regulatory attention on big tech, including social media, internationally spilling over into ASEAN

In 2022, the DPEX centre also expects more enforcement against social media and online companies for intrusive privacy practices and illegal processing. Last year, China's government ordered Didi, a leading ride-hailing platform in the country, to be removed from app stores for issues relating to the firm’s collection and usage of customer data. Enforcement by the authorities is expected to increase in 2022 as regulatory attention on big tech companies will set the stage for more organisations to find themselves in violation of data protection laws such as PIPL, CPPA, GDPR and PDPA.

That aside, the changes in the use of cookies and trackers by big tech companies to increase the data privacy of consumers in online advertising can also be considered a “data privacy-friendly” move.

5. Strong Demand for Data Protection Officers (DPOs) to continue in the region

The above trends will reinforce the importance of the role of the DPO. In addition, this year, all of the ASEAN region’s founding members will have data protection laws in place. With China having enacted its Personal Information Protection Law in November 2021 and India expected to introduce its own data protection law after years of deliberation, the entire region seems to be pressing the reset button on data privacy. Other countries in the region, such as Indonesia and Thailand, are also expected to introduce their own data protection laws too. With these new data protection laws being implemented, the shortage of trained and experienced data protection officers (DPOs), professionals who are well-versed in data protection and privacy, will become apparent.

Even in 2021, countries that have existing data protection laws have updated and introduced amendments to the law. For instance, Singapore updated its Personal Data Protection Act with new amendments and requirements, i.e., data breach notification, and continued enforcements have also led to a growing number of job advertisements for DPOs. Malaysia and the Philippines are also proposing to amend their laws.

DPEX Centre also hosted a webinar discussing the research regarding Singapore’s Data Protection Job Trends in 2021, view the slide deck and infographic for more information.

With these five predicted regional data protection trends, the data privacy and protection landscape is about to undergo a major transformation, and it is vital for organisations to remain aware and make relevant decisions to keep up with these changes.

Take a look at our courses page to gain a better understanding of data protection through hands-on training.