[row][third_paragraph] [/third_paragraph][paragraph_right] Your organisation has been the target of a cybersecurity attack. Now what do you do? What can you do? Worldwide governments and organisations are, in the face of increasing numbers of cybersecurity incidents, turning their focus to how to manage cybersecurity threats and deal with the aftermath of cybersecurity incidents. For many organisations, the most common cybersecurity threat is the risk of confidential information being accessed and potentially misused by an external and/or adverse party i.e. data breaches. One of the key challenges in responding to data breaches is that data can be taken from one or more jurisdictions, and moved very quickly to other jurisdictions. The cross border nature of incidents can make investigating a data breach, identifying your various obligations in relation to the data breach and identifying your options for dealing with the data breach, a very complex and daunting process. This is especially so because speed is almost always a critical factor in an effective response. [/paragraph_right][/row] In the Asia Pacific region, recent years have seen a wave of new cybersecurity legislation, government established bodies to regulate or monitor cybersecurity and guidelines/reports being issued by governments and regulators. For example, in 2015, Indonesia and Singapore each introduced cyber agencies, Japan enacted the Cyber Security Basic Act and the Australian Securities and Investments Commission released a report on cyber resilience. For a number of countries in Asia Pacific, laws or guidelines on these issues are being formulated for the first time. In addition, countries such as the United States, where the Department of Justice released in April 2015 its “Best Practices for Victim Response and Reporting of Cyber Incidents”, are adding to already existing systems of cybersecurity regulation. Despite the increased regulatory activity, there is, unfortunately, no unified approach to the regulation of cybersecurity or the potential legal remedies available in the context of data breaches in the Asia Pacific region. Depending on the jurisdiction, data breach incidents may involve, in addition to laws regarding cybersecurity, obligations under privacy laws, employment/labour laws, equitable rights and obligations, the law of equity, corporate governance, fiduciary duties and industry or sector specific regulations. In some jurisdictions, laws regarding state or national secrets may also be enlivened, especially when data is suspected to have been transferred out of the jurisdiction. Accordingly, local knowledge of the obligations in each country and how each relevant regulator or court operates in practice is essential to navigating a response to a data breach incident and understanding which legal remedies may be available and which will be most effective. Using this knowledge, we are able to assist our clients to investigate data breaches, to identify reporting obligations, to discuss strategies to minimise further disclosure of the data and mitigation of loss or damage, and to identify, where available, legal remedies to recover the data or loss associated with the data breach. In the Guide, we:
- set out an outline of the preliminary assessment we recommend should be undertaken by clients when confronted with a suspected data breach; and
- identify for 13 countries in the Asia Pacific region, the position in response to a number of common issues which arise in dealing with a data breach incident. As you will see, while some jurisdictions with similar juridical history have similar processes, the type and availability of legal remedies can vary greatly across the region. In order to provide the broadest coverage of key jurisdictions, in addition to input from eleven jurisdictions in which Baker & McKenzie has offices in the region, we have also been very ably assisted by Kim, Choi & Lim in Korea and J. Sagar & Associates in India.
You may read the guide online on Global Compliance News or access the guide in the following online formats or by downloading for free from Apple iTunes and Google Play. PDF version eBook for Kindle eBook for Nook and iPad