• ADG Consultants

Briefing: Global Data Governance Headlines (September 2019)

USA: Food delivery company, DoorDash, was hacked and 4.9 million consumers, ‘Dashers’ and merchants’ personal data were leaked. The types of user data leaked involve names, email addresses, delivery addresses, order history, phone numbers, passwords, and consumer payment card details. [1]

Hong Kong: SmarTone Mobile Communications Limited was faced with 23 charges under the Personal Data (Privacy) Ordinance (Cap. 486) on 12 September 2019 related to the offence of failing to comply with the requirement from the data subject to cease to use their personal data in direct marketing, contrary to s.35G(3) of the Ordinance. SmarTone pleaded guilty to 14 charges, and was fined HK$84,000 in total. PCPD noted that this case has recorded highest number of charges and second highest fine since direct marketing provisions came into force in 2013. [2]

UK: UK is currently scheduled to leave the EU on 31 October 2019, the Information Commissioner’s Office (ICO) has published recommendations and guidelines for SMEs in the preparation for a possible no-deal Brexit. [3]

Japan: Dawex, leading data exchange tech company, forms partnership with Kanematsu Corporation, major trading company, to further promote data exchange tech in Japan. Japan also launched the Osaka Track initiative back in June 2019 to set up digital governance based on ‘Data Free Flow with Trust’ concept. [4]

Business: HIPAA Journal reported that US’s healthcare industry has a record-breaking of data breaches in 2019, affecting approx. more than 35 million individuals, which is more than 3 years combined and the cause of the leaks were mostly due to hacking/IT incidents. [5]

Please reach out to info@aurumconsultancy.co or Tel: +852 3725 4806


[1] ‘Important security notice about your DoorDash account’, DoorDash Engineering Blog, dated 27 September 2019: https://blog.doordash.com/important-security-notice-about-your-doordash-account-ddd90ddf5996#46h35gr24e

[2] ‘Direct Marketing Offence Admitted: Telecommunications Company Fined HK$84,000’, PCPD Media Statements, dated 12 September 2019: https://www.pcpd.org.hk/english/news_events/media_statements/press_20190912.html

[3] ‘Data protection and no-deal Brexit for small businesses and organizations’, ICO Blog, updated 10 September 2019: https://ico.org.uk/about-the-ico/news-and-events/blog-data-protection-and-brexit-ico-advice-for-organisations/

[4] ‘Dawex Partners with Kanematsu Corporation to Deploy Data Exchange Technology in Japan’, Business Wire, dated 24 September 2019: https://www.businesswire.com/news/home/20190924005587/en/Dawex-Partners-Kanematsu-Corporation-Deploy-Data-Exchange

[5] ‘July 2019 Healthcare Data Breach Report’ HIPAA Journal, dated 26 August 2019: https://www.hipaajournal.com/july-2019-healthcare-data-breach-report/

8 views0 comments