Data management and the acquisition, storage, usage and destruction of 'Personally identifiable information' has become an important part of any modern business enterprise. Any information that can be used to distinguish one person from another and can be used for de-anonymising anonymous data can be considered PII.
Blue Dragon has experienced breach response, investigation, compliance preparedness and regulatory response procedures.
A HK company was subject to a well-publicised data breach. We investigated the breach, discovered the cause, and used our technical team to implement crisis response. We then assisted in replies and investigation for the Privacy Commissioner for Personal Data and were able to get the case closed successfully, having shown full understanding of the breach cause and needed remedial steps.
A HK company was subject to a well-publicised data breach. We investigated the question of whether the breach was caused by a gap in security at the firm or by an external actor with malicious intent. We did technical and vulnerability assessments. The case was closed successfully.
Not every Asian company in every Asian jurisdiction will require a DPO. For example, at present in Hong Kong there is no requirement for a data protection officer. This may change in the light of EU GDPR, but at present the PCPD encourages HK companies to have a person responsible for overseeing data user's compliance with the Personal Data (Privacy) Ordinance.
Typical DPO duties we will perform include:
Date Created: 1 June 2017 |   Date Modified: 18 December 2017 |  Author: Dmitri M A Hubbard