5 Regional Data Protection Trends 2022

In 2021, several high-profile data breaches became global headlines and brought the privacy space to the forefront. Case in point: the Colonial Pipeline attack, the WhatsApp privacy policy update backlash, the likely data breach in the BDO bank hacking incident, and the Fullerton Health third-party breach, to name a few.

These highly publicised data breaches have also highlighted the need for data privacy jobs and data privacy certification. In line with this, the Data Protection Excellence (DPEX) Centre revealed its yearly annual data protection trends forecast. The following regional data protection trends made the list for 2022:

01: Data and privacy breaches exacerbated by COVID-19

Aside from expediting digitalisation in all walks of life, the COVID-19 pandemic has also created vulnerabilities and risks that resulted in more data breaches. Increased spamming activities from organisations looking to generate more revenue to stay afloat is also expected.

Understandably, pandemic-related activities such as the monitoring and verification of vaccinated individuals as well as the implementation of vaccinated travel lanes has also increased the risk of privacy breaches when data is not stored safely or handled properly. 

Hackers are also becoming more and more sophisticated as evidenced by the number of high-profile breaches and cyberattacks. Fortunately, those who have chosen a data privacy career path can now implement strong measures to comply with data protection regulations like the Personal Data Protection Act through courses like the PDPA course.

02: Intrusive home surveillance due to WFH (work-from-home) practices

With the pandemic not showing any signs of going away, many organisations have chosen to continue the work-from-home arrangements to keep their employees safe and to ensure business continuity. To ensure employees are not abusing the work-from-home arrangement, many organisations are using surveillance and monitoring software.

However, some of these surveillance and monitoring software can be intrusive and might breach some data privacy requirements. As such, data protection officers (DPOs) will have to carefully assess any relevant risks and carry out data protection impact assessments on the surveillance and monitoring software. They also need to review their work-from-home policies to ensure it aligns with their projects.

03: Continued interest in certifications for individuals and organisations

Aside from the continued adoption of Singapore’s Data Protection Trustmark (DPTM) as a means for organisations to showcase data protection accountability, a new Credence Data Trust Rating System has also been introduced. The latter is designed to evaluate the robustness of an organisation’s data protection practices.

04: More regulatory attention on big tech (including social media) that spills over into the ASEAN

This 2022, more enforcement against online companies and social media for illegal processing and intrusive privacy practices. In 2021, the government of China ordered Didi, a ride hailing platform, to be removed from the app stores because of their collection and usage of personal data.

Enforcement by the authorities is also expected to increase more this 2022. This can be attributed to more regulatory attention given to big tech companies which will set the stage for more companies and organisations finding themselves violating data protection laws including CPPA, PDPA, PIPL, and GDPR.

05: Strong demand for data protection officers will continue

The first four trends will reinforce the importance of having a data protection officer (DPO). It is also expected that in 2022, the founding members of the ASEAN region will have data protection laws in place. Also, with data protection laws being implemented, the region will reset the button on data privacy.

It is also expected that ASEAN countries with existing data protection laws will update and introduce amendments to the law. For instance, Singapore added new requirements and amendments to its Personal Data Protection Act. The Philippines and Malaysia are also proposing to amend their laws.