• ADG Consultants

Briefing: Global Data Governance Headlines (August 2019)

Hong Kong: The Institute of Big Data Governance (iBDG) was launched early August 2019 and aimed to set up data governance framework for businesses and community within the Greater Bay Area. The iBDG’s Big Data Governance Principles 1.0 covers 4 key areas, including, data processing, personal data breach, data transfer, and continuous improvement. [1]

USA: BioStar 2, a web-based biometric security platform, was recently discovered to have leaked out highly sensitive personal data, which includes personal information of employees and unencrypted usernames and passwords, allowing hackers to access user accounts. vpnMentor’s team was able to access over 1 million fingerprint records, as well as facial recognition information. [2]

UK: London-based educational software maker Pearson has reported a data breach involving about 13,000 school and university AIMSweb 1.0 accounts. Leaked personal data include names, dates of birth, and email addresses. Experts have noted that young demographic of Pearson’s customers are inherently more vulnerable because they have more at stake in the long-term. [3]

AUS: Personal health information of 317 people applying for Australian visas was accidentally emailed to a member of the general public, according to ABC News investigation. The personal data include names, dates of birth, passport numbers and medical test notes being sent to an unknown Gmail address. The breach was reported to have happened back in 2015, where the Department of Home Affairs’ contractor Bupa, and one of its subcontractors, Sonic HealthPlus (SHP)’s employee accidentally sent the personal data to an unknown Gmail address. Experts called for more transparency needed and better scrutiny on data processor. [4]

JAP:According to Kyodo News survey, approx. 2.68 million personal information held over 100 Japanese entities were subject to unauthorised disclosures in 2018. These including hotel operators, universities, hotel reservation service, consultancy firms, and shopping mall operators. Experts called for new law to require companies and organisations to notify government and individuals affected by data breach. [5]

Business: The European Commission is ready to impose a GBP183.4 million fine on British Airways for its failure to protect 500,000 customers’ personal data. The fine will set a record for violating the EU’s General Data Protection Regulation (GDPR). Under GDPR, any organisation that holds or uses data on people inside the EU and fails to protect them can be fined up to 4% of its annual revenue. [6]

Please reach out to info@aurmconsultancy.co or Tel: +852 3725 4806


[1] ‘Hong Kong unveils first data governance framework’, EJ Insight, 7AUG2019 (http://www.ejinsight.com/20190807-hong-kong-unveils-first-data-governance-framework/)

[2] ‘New Data Breach Has Exposed Millions of Fingerprint And Facial Recognition Records: Report’, Forbes, 14AUG2019 (https://www.forbes.com/sites/zakdoffman/2019/08/14/new-data-breach-has-exposed-millions-of-fingerprint-and-facial-recognition-records-report/#20b3c0ab46c6)

[3] ‘Pearson data breach impacts thousands of university accounts’, SC Media (UK), 5AUG2019 (https://www.scmagazineuk.com/pearson-data-breach-impacts-thousands-university-accounts/article/1592943)

[4] ‘Sensitive personal data of hundreds of visa applicants accidentally leaked in email mishap’, ABC News, 15AUG2019 (https://www.abc.net.au/news/health/2019-08-15/bupa-immigration-medical-data-breach/11413740)

[5] ‘Data breaches exposed nearly 2.7 million morsels of personal information in Japan in 2018’, Japan Times, 24AUG2019


[6] ‘British Airways faces record EU fine for major data-breach’, NewEurope, 18AUG2019 (https://www.neweurope.eu/article/british-airways-faces-record-eu-fine-for-major-data-breach/)

34 views0 comments