How Southeast Asia Can Improve Its Data Privacy Protection

Asia is rapidly expanding its digital economy with tech startup hubs popping up in the region and governments investing in further expanding their digital infrastructures. Additionally, with citizens utilizing their mobile devices to access different services from businesses and governments, the concept of digital identity is one that most people are familiar with today. Every day, citizens provide data about their identities, habits, behavior, and lifestyles to a myriad of corporate and government bodies. This has led to the proliferation of big data – basically, massive sets of personal data that can be analyzed to spot trends and opportunities - and with it an increase in cybercrime that seeks to exploit technical vulnerabilities of data privacy. The recent WannaCry Ransomware attack revealed just how quickly and how massively these attacks can take place. The attack affected around 200,000 PC users in over 150 countries in a very short period of time.

Cybercrime is not something that’s new to the digital revolution. As in all human endeavor, innovation also stimulates some people to look for ways to exploit it. However, given the reality of big data and some of the big gaps that still remain in data privacy protection, governments increasingly face the threat of rising costs associated with cybercrime. In 2016, this cost amounted to around USD 81 billion to businesses in Asia Pacific, around USD 20 billion more than the total costs of attacks in North America. The region alone saw an increase in cyber attacks by around 40% year-on-year. However, rather reflective of the lack of data security infrastructures and protocols, this indicates that the digital economy has been booming in Asia and therefore poses a target for cyber criminals to financially exploit digital transactions that take place across the region.

While Southeast Asia remains less stringent in its data privacy protection regulation, other parts of Asia and the Pacific have become more strict with data management requirements, data export controls, direct marketing regulation, and an increased level of aggressiveness of the enforcement environment. While there have been moves by some Southeast Asian countries to improve data protection for citizens, it is worth noting that extreme restrictions could result in the hesitancy of potential businesses converting to digital platforms or for entrepreneurs to set up tech businesses in the region. While it is important that big data, especially since it involves digital identities, be protected, in most cases it is big data itself that comes to the rescue. In a number of cyber attack cases where there has been a breach of data, it was found that big data analytics helped resolve the situation quickly and effectively. This is because big data on its own doesn’t quite amount to much. But when it is organized and systematized to be utilized for cyber security initiatives, it becomes crucial to the success of preventing cyber attacks.

It’s therefore important that when governments in the region adopt regulatory approaches to combatting personal data breaches that the usefulness of big data be considered. An overtly restrictive stance would ultimately create a closed environment for the digital economy and an apprehensive attitude from potential investors. Big data has been shown to improve the prediction of cyber attacks, enabled quicker response rates, and faster recovery times. Balancing the interests of businesses, the growth of local economies, as well as the privacy of citizens is ultimately the best way to enhance data privacy protection. It is also worth noting that data protection should extend to protecting citizens’ identities and data from being used for political agendas. For this, governments are responsible and therefore need to act accordingly.