PrivSec Global viewers enjoyed more fascinating insight today through another packed agenda of sessions delivered by experts from the world of Data Protection, Privacy and Security.

In the morning, Toni McLelland, MD, 1st Life Consultancy Group chaired a panel debate on diversity and inclusion, data collection and usage in the workplace, sponsored by FTI Consulting. 

The panel looked at the factors organisations should consider when formulating their data collection and usage policies to ensure a diverse and inclusive workplace.

Yvonne Charrot, Wellbeing Manager, The IASME Consortium said:

“You want your organisation to reflect your customer base. In the short term, we have to take steps to ensure we’re not just acting on unconscious bias. You won’t attract people if they think that that’s not an organisation they should belong in.” 

Monica Stancu, Diversity and Inclusion Manager Human Resources Lloyd’s, said:

“Having a safe space is about having a “speak-out” culture, that’s one of our key strategic priorities from a culture perspective. If the leader does not make that space, then you will not have that safe space. 

Privacy in APAC fell into focus next, with a debate exploring China’s internal regulations and how they impact on data protection throughout the global region.

Jose Belo, Head of Data Privacy, Valuer.AI, said:

“There’s a raised awareness of the Chinese consumer on their data. The times of the wild west are way behind us. 

“The PIPL (Personal Information Protection Law) is more focused on the privacy sector, on consumers. The Chinese are moving forward, further into data governance strategy, where the US is still lacking. 

“They will provide more protection for their consumers, and security inside the internet. The PIPL is moving towards trying to define boundaries within their market, within China. There are many subtleties in the law which help to understand how China is establishing not only a third way from the US and EU, but also trying to establish leadership.”

“There are a couple of nods to the GDPR, but the Chinese remain in their own way of protecting data and information.”

 Galaad Delval, Privacy Professional, said:

“The PIPL is a long time coming, it does not come as a surprise. Consent is difficult to follow up, and with the PIPL it will be even more difficult… with a shift to legal, contractual obligation.

“Until recently, we have been using the GDPR as a benchmark. China is a game-changer. Now, we have a contender that may need its own privacy program inside the company.

Privacy in Hong Kong fell under the microscope next, with a panel debate on the city state’s Personal Data Privacy Ordinance (PDPO), one of Asia’s longest-standing data law frameworks. 

Anna Gamvros, Partner, Head of Privacy, Data Protection and Cybersecurity, Asia, Norton Rose Fulbright Hong Kong, said:

“In this part of the world, we’ve seen leaps and bounds in privacy law regulations. Hong Kong was the standout, but there are now stricter regulations around the region.”

PrivSec Global viewers were told that new introductions include mandatory breach notification requirement, both for the regulator and the individuals which should be made as soon as is practical but no longer than 5 days after the breach event being detected.

Instructions will be released on how long companies can hold data, and companies that are under an obligation to actively think and put in place retention policies, will have to tell consumers. More sanctioning powers to the privacy commissioner, to give administrative fines directly, are also expected.

Viewers heard further proposed amendments to the PDPO, including: 

  • Expansion of the definition of personal data
  • Direct regulation on data processors, who can now be subject to fines
  • It will become illegal to publish people’s data for malicious purposes.

The panellists explained how Hong Kong’s privacy law is still fairly free compared to other parts of the world; it’s less stringent, and the ability to use and process data is not so regulated. The framework is, therefore, not as impactful as GDPR.

In the afternoon, Max Schrems’ eagerly anticipated keynote gave an insight into the Austrian lawyer’s ongoing work to defend global citizens’ privacy rights through his NGO,

Commenting on EU enforcement of the Privacy Shield decision since July 2020, Schrems said:

“It hasn’t been enforced at all. It’s the same problem as we had with Safe Harbour.

“The problem is that we have surveillance versus privacy. The EU says you have to protect data, the US says you have to have surveillance, and this creates a conflict.”

On Standard Contractual Clauses (SCCs), Schrems said:

“SCCs are a very complex tool, and they essentially shift all the responsibility for transferring data to the two parties who are transferring those data. The problem is if there is conflicting law in existence in one of the countries. These contractual arrangements only work if there is a vacuum of the law, and that’s not the case with the US.”

Summing up attitudes towards data privacy laws, Schrems said:

“We don’t have a police officer behind every traffic light, we just know that if we run a red light that we’ll get caught somehow. This sense of deterrence simply doesn’t exist in data law at the moment. I engage with privacy law because it’s a fundamental right, and it’s probably the least enforced fundamental right the world has ever seen.”

In “Politics, Economics, Social: Russia’s State-Led Cyber Espionage and Influence Operations”, our experts turned their attention to Putin’s operations and how his regime’s strategies may be eroding democracies in the West. 

Establishing the seriousness of the situation, Tina Gravel, Senior Vice President Global Channels and Alliances, said:

“I don’t think there is anything we’re more concerned about than Russians interfering with our lives.” 

Rafal Rohozinski, Founder and Prinipal, SecDev Group, said:

“The problem with nation state attacks, is we’re talking about code. You have code in the wild being used by various actors. North Korea bought code of the shelf. If you take a look, China and Russia have huge cyber problems, domestically. They face the same problems we do.

“The internet was built for resilience, not security. The entire cyber security industry is about creating patches. There’s no way to protect the internet without rebuilding it.”

Jody Westby CEO, Global Cyber Risk LLC, said:

“If you’re (a company) being attacked by a nation state you need government resources to help you. [The US] has failed getting in-depth cyber capabilities to provide assistance.

“Congress needs to pass a law that insurance companies can’t pay ransoms. When they keep paying ransoms, hackers go to every company they know have security insurance.”

Chris Painter, Ex-US Prosecutor/ex-White House, Cybersecurity Expert, said:

“The private sector has a key role to play. Basic cyber hygiene where you’re hardening the targets to make it harder to get in. Can you do things to make it harder for them to get in, and they’ll move to another target.”

We may want the handbags, houses, and bank accounts, but are we as keen for the lack of privacy that comes with being famous?

In “A Celebrity’s Desire for a Privacy Framework”, experts held case studies up to the light to understand what effect constant press scrutiny and social media sensation have on the lives of the stars we love.

Karen Dill-Shackleford, Faculty Member, Fielding Graduate University, said: 

“For celebrities, part of how they make their living is to get attention… part of me as a psychologist asks is that good for a person?”

”If you or I had someone following us around town in a car, that would be stalking, but if Britney does it’s categorised as paparazzi doing their jobs.”

Rachel Torres, Vice President of Marketing, DataGrail, said:

“There’s difficulty in balancing free speech in journalism and privacy.

“Harry and Megan are still actively constructing their image through the US press and a huge interview with Oprah Winfrey.”

Karen Dill-Shackleford added:

“I want to highlight perspective taking. Knowledge of what celebrities are doing is part of the game. If you took their perspective, however, if you were suddenly incredibly famous, what do you think would need to be the standard? I would expect to not be harassed and shoved in public.

“I would ask myself, as a human being, what needs to be there to protect me from physical danger.

“From a mental health perspective, the rules are changing quickly. You just have to be aware of ramifications of things – what are the ramifications of me posting something, or saying something in public?”

PrivSec Global livestream experience returns 21-23 September 2021.  

Missed a session? No problem - all sessions will be available on demand on