The Cyber Security Agency of Singapore (CSA) released the key findings of the Cybersecurity Public Awareness Survey 2019 today. The survey polled 1,000 respondents between 17 and 23 December 2019.
This survey has been conducted annually since 2016, and measures public awareness and adoption of cyber hygiene practices, as well as attitudes towards cyber incidents.
The survey revealed that there were high levels of concern for cyber incidents. Most respondents also agreed that everyone has a role to play in ensuring cybersecurity. However, there continued to be room for improvement in respondents’ cyber hygiene.
The majority did not install security applications in their devices despite knowing the risks. Many respondents continued to think that cyber incidents would not happen to them. In addition, respondents faced difficulty in identifying phishing emails.
The key findings are as follows:
Difficulty in identifying phishing emails
The 2019 survey made a deeper dive to understand respondents’ awareness of phishing, as it remains a popular way for attackers to target their victims. Although two-thirds of the respondents (66%) said that they knew what phishing was, only four percent could identify all the phishing emails correctly.
Marginal increase in Two-Factor Authentication (2FA) adoption rate for online accounts
Overall, the proportion of respondents who activated 2FA for some or all of their online accounts increased from 80% in 2018 to 83% in 2019.
More respondents knew how to use security apps but less than half installed them
The proportion of respondents who used their mobile devices for online transactions has continued to increase to 80% in 2019, up from 73% in 2018.
However, the proportion of respondents who installed security applications in their mobile devices saw only a slight increase from 45% in 2018 to 47% in 2019 This is despite the fact that majority of the respondents (85%) acknowledged the risks of not installing security applications.
Respondents believe that cyber incidents would not happen to them
The survey also studied the prevalence of cyber incidents and respondents’ attitudes and behaviours towards them. About a quarter of the respondents said that they had been a victim of at least one cyber incident in the past 12 months.
When asked about the actions they took, 68% of respondents said that they changed their passwords, 46% reported the incident to the relevant organisation, 30% installed an anti-virus software, while eight percent of the respondents did not take any action.
However, most continued to believe that such incidents would not happen to them. For instance, while 78% of the respondents were concerned about falling victim to an online scam or fraud, only 27% felt that there was a likelihood that this would happen to them
Cybersecurity is everyone’s responsibility
Similar to previous years’ findings, the majority of respondents (78%) agreed that all Singaporeans have a role to play in cybersecurity,
Mr David Koh, Commissioner of Cybersecurity and Chief Executive, CSA, said “With our increasing reliance on technology, especially amid the COVID-19 pandemic, opportunistic cyber criminals now have a bigger hunting ground. It is important for us to shake off the ‘it will not happen to me’ mindset, stay vigilant, and take steps to protect ourselves online so that we do not become the next victim.”
The insights gathered from the survey highlight CSA’s efforts to raise cybersecurity awareness and promote the adoption of cybersecurity measures.
CSA will also launch a Safer Cyberspace Masterplan later this year, which lays out a blueprint to better protect Singaporeans and businesses in the digital domain.
AI and other digital technologies could help solve some of the world’s most important social problems, like climate change, biodiversity loss, food insecurity and risks to public health, among others. Harnessing digital capabilities to promote a transformative system could be a game-changer for a sustainable and equitable global future.
Today’s consumers expect more than great products and services, and businesses are well aware of this. Clients want to feel like they are investing in a reputable, responsible brand. Consequently, the most market-dominant businesses are not merely profitable and have good products but those that have multiple alternate bottom lines – social, environmental and sustainable.
More than 90% of business executives agree that sustainability is crucial to their success. As consumer groups continue to publish reports on the increased desire for more environmentally friendly corporate practices, it is simple to see why green marketing strategies are gaining such importance.
The environment and sustainability are vital components in the strategy and operations of enterprises looking to be more conscientious. Organisations have been taking proactive steps to develop a greener future with their consumers, partners, stakeholders and workers. These efforts include environmental initiatives, community outreach efforts and business practices.
Advancing Environmental Sustainability and Resilience
“Everyone is becoming aware of the necessity for action to attain sustainability,” says Vivek. “There is a growing interest in corporate sustainability and how corporations can strive for it to meet the needs of stakeholders for social, economic, and environmental implications.”
Most businesses are considering ways to contribute significantly, which will need robust investment and efforts. “We see businesses quickening their momentum and considering effective climate innovations. A case in point is how electric mobility companies can be affected by the huge reductions in costs for climate technology.”
Vivek believes it is possible to adapt a company’s digital strategy to mitigate and deal with extreme climate change. Companies must include digitalisation and decarbonisation in their strategy, as industry 4.0 technologies will play a crucial role in meeting the emissions reduction goal.
Digital technologies can increase energy efficiency and decrease fuel consumption across multiple industries and sectors. Digitalisation has the potential to revolutionise the way people and technology interact by helping to analyse and calibrate necessary interventions.
By utilising digitalisation, businesses can identify the emissions sources, whether at the product level, manufacturing unit level, or equipment level. They can then determine the necessary interventions to reduce emissions, such as a change in the manufacturing or personnel settings, and then monitor whether the identified interventions are being implemented.
“Here is where I believe digitalisation and decarbonisation must go hand-in-hand, as this will ensure that industries undergo structural changes and reach their objective,” says Vivek.
Businesses need to be more conscious of the need to be prepared for the energy shift, and he has five relevant steps for how businesses should approach this:
- Develop an understanding of how energy shifts will affect your company;
- Think about a bold and ambitious target, such as considering how big of a carbon footprint reduction they intend to achieve with this energy transition;
- Consider various situations and their effects;
- Create a comprehensive plan that will serve as an overall strategy with well-defined and cascading targets;
- Think about implementation, where companies strike a balance between all the goals, e.g., carbon footprint and profitability
Right now, society is more conscious of sustainability and is calling for companies to shift their carbon footprint and be more conscious about emissions. This is causing profound changes in the corporate and government landscape.
Organisations can work toward more sustainable practices with the aid of corporate sustainability’s economic, social and environmental pillars. Businesses must alter their mindset from just profitability at the expense of the environment to a sustainable and profitable paradigm. There must be interdependence and a greater emphasis on operations and eco-innovation.
Adopting sustainable practices benefits the environment, but businesses have also demonstrated that these programmes can boost productivity, lower costs, make shareholders happy, and a host of other advantages.
“Corporate entities must take the initiative in determining pertinent technologies. Companies must implement technologies to decrease their carbon footprint. They are the ones that will bring about change. Governments can decide the legislation, but unless companies change, it will be difficult to achieve net zero,” Vivek firmly believes.
A green economy is the practice of sustainable development supported by public and private investment in creating an infrastructure that promotes social and environmental sustainability. A green economy refers to an economy in which individuals are increasingly aware of their carbon emissions and are taking steps to reduce them.
A carbon footprint is the total amount of greenhouse gases, including carbon dioxide and methane, that corporations and individuals generate.
There are numerous practical and effective approaches to implementing sustainable technologies at the national level. “I believe that each country will deploy different technologies; the mix of technologies, the adoption rate, and the deployment cost will all be very different. However, each country will need to consider what sustainable technologies are relevant to them, consider implementing them, and consider the reasons for doing so.”
According to Vivek, decarbonisation entails significant economic transformation. When new business opportunities arise in Asia, companies must contemplate how they will be the first to take advantage. To do this, they must seriously consider the technologies and industries they want to innovate in or implement and the various business models they should use to take these opportunities.
There will be an acceleration of the energy transitions if individuals in the nation change their behaviour, the government considers how the empowering regulations should be made, or how businesses decide how they will operate.
Vivek has led several large-scale transformations and new business builds across the region, such as for an energy conglomerate in Indonesia. From this experience, he is convinced that a fundamentally different way of thinking about any business problem is required.
It requires thinking about what the unique value proposition is going to be and thinking about getting new talent to build a business from the ground up. Some of his most memorable moments on this journey include realising the value of having the right talent.
Another thing he learned is that customer preferences change at very different levels. So, thinking about the organisation’s unique value propositions and how customers perceive them becomes very important. For incumbents, choosing different business models can also be essential.
Both private and public organisations are aware that change needs to occur quickly. Resources are becoming harder to come by while demand is rising, necessitating a balance to build a sustainable future. “Green technologies will help the world achieve sustainable levels and make the environment cleaner and safer for everyone.”
Urban Ideas and Solutions Through LKYGBPC
Vivek is on the International Judging Panel (IJP) of the Lee Kuan Yew Global Business Plan Competition (LKYGBPC), a biennial global university start-up challenge held in Singapore.
As a member of the judging panel charged with driving, developing, and upholding the entrepreneurial spirit of the LKYGBPC participants, Vivek is focused on the innovativeness of the solutions, such as how effectively the technology solves the problem.
He also believes that feasibility and how the different technologies are correctly implemented can significantly change the world. “These two parameters will be quite useful in considering how we are selecting, or how I would select various technologies.”
He acknowledges that innovative entrepreneurship talent can be cultivated wider in the broader community through such competitions. These serve as an illustration of how they are fostering innovation and entrepreneurship across society.
The competition is also one example of instilling a culture where the next generation is thinking about how things can be done differently. Competitors explore creative ideas and have a forum where they can share their thoughts, which can be a great example of nurturing innovation.
The competition, which is run by the Institute of Innovation and Entrepreneurship at Singapore Management University (SMU), is centred on urban ideas and solutions developed by student founders and early-stage start-ups. It is positioned as a campus innovation movement that seeks to establish a global startup ecosystem with financial backers, including venture capitalists, corporate oligopolies, and governmental organisations.
“I believe many of our leading schools are doing a great job of instilling a culture where children are thinking about how things can be done differently and what are creative ideas,” Vivek opines.
There are numerous instances throughout the world where the technologies or solutions used by youth or larger communities have truly made a meaningful difference. “But it does take some significant effort to raise awareness and establish a forum where people can discuss their concerns, share their ideas, and obtain the resources needed to solve them,” Vivek concludes.
The Nanyang Technological University, Singapore (NTU Singapore) will be collaborating with a chemical manufacturing corporation in research that will drive new advancements in sustainable lithium battery technologies. The joint project will be led by the Executive Director of the Energy Research Institute at NTU (ERI@N) and Co-Director of NTUSingapore CEA Alliance for Research in Circular Economy (SCARCE), a centre for excellence in innovative solutions for recycling and recovering valuable elements from e-waste.
The Chief Commercial Officer at the chemical manufacturing corporation has played an important role in many breakthroughs in battery research and development. By expanding its R&D partnerships, the company can build on its heritage of innovation and continue to push the boundaries of what is possible and find optimal pathways for progress.
The firm is excited to begin this journey with a pioneering, distinguished scientist like Professor Srinivasan and the entire team at NTU, as new pathways to support advancements in battery technology can be explored.
The Executive Director of the Energy Research Institute at NTU (ERI@N), who will lead the research, is a renowned academic whose research focuses on the circular economy. She worked extensively on research initiatives with battery industry leaders and helps advise on public policies for energy and sustainability in Singapore and around the world. She is also the Executive Director of the Sustainability Office at NTU Singapore, which oversees and integrates sustainability initiatives and innovation across the University and its smart campus.
She noted that NTU Singapore has a strong history of working closely with the industry to commercialise research into tangible and impactful outcomes. The team is excited to collaborate with innovative leaders like the partnering firm, to advance sustainable lithium battery technologies. Their hope is to accelerate a more sustainable approach for lithium-ion batteries used in millions of electric vehicles and portable devices across the world.
The global Lithium-ion Battery Market was US$36.90 billion in 2020. The global market size is projected to reach US$193.13 billion by 2028, exhibiting a CAGR of 23.3% during the forecast period from 2021-2028.
Recent research shows that the continuing demand for power supply for numerous applications, augmented demand for electric vehicles, the surging necessity of battery-operated equipment and machinery in automotive industries, and the usage of lithium-ion batteries in renewable energy applications are sustaining the lithium-ion battery market growth.
As governments across the globe begin imposing guidelines for the monitoring of surging pollution phases. Various industries are being compelled to use lithium-ion batteries. The power industry is working to manufacture renewable energy and stock for future purposes.
In addition, low cost, low-self discharge rate, and negligible installation space are a few of the crucial factors driving the implementation of lithium-ion batteries in smart grid and energy storage systems. Since the product is more resilient to high temperatures, it is perfect for usage in distant areas and thermal control applications. The Asia Pacific region is expected to hold the largest lithium-ion battery market share during the mentioned period.
NTU is home to various leading research centres including the Nanyang Environment & Water Research Institute (NEWRI) and Energy Research Institute @ NTU (ERI@N). Under the NTU Smart Campus vision, the University harnesses the power of digital technology and tech-enabled solutions to support better learning and living experiences, the discovery of new knowledge, and the sustainability of resources.
The Singapore Food Agency (SFA), National University of Singapore (NUS), Temasek Life Sciences Laboratory (TLL), and seven industry partners signed a Memorandum of Understanding (MoU) to develop the AquaPolis Programme.
The AquaPolis Programme is an initiative under Singapore Food Story R&D Programme 2.0. It envisions Singapore as a leading research and innovation cluster for sustainable tropical aquaculture. The aim is to gather local and overseas aquaculture researchers and industry partners to foster strategic synergies in developing innovative and sustainable solutions while cultivating talent for the industry’s workforce.
AquaPolis will capitalise on the technical, operational and research expertise of strategic partners to achieve translational R&D results, in improving the productivity and competitiveness of our local farms towards Singapore’s “30 by 30” food security goal.
This goal aims to build the agri-food industry’s capability and capacity to sustainably produce 30% of Singapore’s nutritional needs by 2030. Beyond local production, the developed solutions and innovations may also be relevant to agri-food industries in other regional countries and contribute to sustainable food practices and enhance our food security, particularly in the light of climate change.
The MoU demonstrates the shared commitment of SFA, NUS, and TLL in R&D collaboration, and exchanges with industry partners on the knowledge of cultivation and intensification of sustainable aquaculture production in Singapore.
The MoU was jointly signed by the Chief Executive Officer of SFA; the Deputy President (Research and Technology) of NUS; the Chief Executive Officer of TLL as well as major heads from the seven industry partners.
The Chief Executive Officer of SFA stated that the agency welcomes the strategic collaboration. He noted that it is exciting to see R&D talents from local and overseas institutions as well as our key industry partners, coming together with innovation and sustainability in mind, to build Singapore’s capabilities and capacity in aquaculture within Singapore and beyond.
The aquaculture industry plays a key role in Singapore and the world’s food security, and the leader is confident that these collective efforts will strengthen food security and build a resilient food future for Singapore.
The Deputy President (Research and Technology) of NUS stated that the University is excited to host the AquaPolis Programme. The University looks forward to collaborating closely with the Singapore Food Agency and Temasek Life Sciences Laboratory to co-create innovative research solutions to address challenges in tropical aquaculture.
The Chief Executive Officer of TLL stated that AquaPolis represents a milestone in Singapore’s 20-year journey to bring together partners, with a vision to transform our aquatic food systems to be more sustainable and resilient for a growing population considering global climate changes.
The Lab looks forward, together with SFA and NUS in partnership with the industry partners, to help lay the foundation for research-based innovation to address challenges faced by the industry today and to nurture the next generation of aquaculture champions to benefit all consumers in Singapore.
SFA will be uplifting the aquaculture industry in the coming years through the Singapore Aquaculture Plan (SAP). Through the SAP, SFA will focus on productive and sustainable production and unlock the full potential of sea-based fish farming.
- Unlocking new spaces through sea space tenders and longer leases;
- Supporting the aquaculture sector to transform into one that is highly productive, climate-resilient and resource-efficient using technology and adopting appropriate farm management methods. These include conducting environmental surveys and water and seabed quality surveys to better inform farm management;
- Supporting research and innovation for sustainable tropical aquaculture through leveraging on SFA’s Marine Aquaculture Centre.
Singapore’s Infocomm Media Development Authority (IMDA) has recently updated its platform known as Chief Technology Officer-as-a-Service (CTO-as-a-Service). The platform enables SMEs to self-assess their digital readiness and needs at any time and from any location, as well as access market-proven and cost-effective digital solutions and engage digital consultants for in-depth advisory and project management services.
This is for any business entity that wants to know how to start going digital, understand what type of solutions to adopt for its specific business challenge, or choose the solution that best meets its needs.
An enterprise can benefit from CTO-as-a-Service through:
- Conduct a self-evaluation of its digital readiness and pinpoint its gaps and needs in terms of digitalisation;
- Study other Small and Medium Sized Enterprises (SMEs) that have carried out digitalisation projects successfully;
- Receive digital solution suggestions based on the business’s needs and profile; and
- Evaluate the features and costs of various digital solutions.
There are more than 450 subsidised digital solutions available for selection, including those that address industry-specific or general business needs, as well as those that serve to streamline operations, increase business sales revenue, or ensure business resiliency.
The business can also work with digital consultants from the designated operators through CTO-as-a-Service, for digital advisory to assist:
- Seek a deeper comprehension of its business priorities and needs;
- Create training plans and digital solutions specifically for its businesses;
- Include fundamental data usage, protection, and cybersecurity risks in the digitalisation process.
The business may also ask digital consultants to assist with project managing the rollout of its digitalisation initiatives.
Eligible businesses can use digital advisory and project management services for free for the first time. Should the businesses want to keep using digital consultants, future usage or service enhancement will be based on commercial agreements.
Any company that satisfies the requirements below is qualified to use free project management and digital advisory services for the first time:
- Licensed and active in Singapore;
- A minimum of 30 per cent local shareholding;
- Enterprise’s group employment size is no more than 200 employees, or the group’s annual sales turnover is no more than S$100 million;
- Has never previously used CTO-as-a-Service digital consultants.
Meanwhile, SMEs are the backbone of Singapore’s economy. They employ two-thirds of the country’s workers and contribute almost half of Singapore’s GDP. Since digital technology is changing every part of Singapore’s economy, SMEs need to take advantage of digital technologies to grow and do well.
The SMEs Go Digital programme, which was started by the IMDA in April 2017, is meant to make going digital easy for SMEs. More than 80,000 SMEs have used the programme’s digital solutions.
Enterprises can also use advanced and integrated solutions to improve their capabilities, strengthen business continuity measures, and build longer-term resilience. Solutions that are supported by government agencies solve common problems at the enterprise level on a large scale, help enterprises adopt new technologies, and make it easier for enterprises to do business within or across sectors.
IMDA works with sector-led agencies and industry players to find advanced and integrated digital solutions that can be supported and are relevant to their sectors. Companies that want to use these solutions can check the IMDA website to find out when they can apply for each one.
Costs for hardware, software, infrastructure, connectivity, cybersecurity, integrations, development, improvement, and project management can be covered by funding support. With this, the agency has kept helping businesses, and the list of solutions that are supported will grow, with an emphasis on AI-enabled and cloud-based solutions.
The Counter Ransomware Task Force (CRTF), which was formed to bring together Singapore Government agencies from various domains to strengthen Singapore’s counter-ransomware efforts, has issued its report.
Singapore’s efforts to promote a resilient and secure cyber environment, both domestically and internationally, to combat the rising ransomware threat are guided by the recommendations in the CRTF report.
According to David Koh, Commissioner of Cybersecurity, Chief Executive of CSA and Chairman of the CRTF, ransomware poses a threat to both businesses and individuals. Economically, socially, and even in terms of national security, it can be detrimental. Both internationally and across domains, ransomware is a problem.
“It requires us to collaborate and draw on our knowledge in a variety of fields, including cybersecurity, law enforcement, and financial supervision. It also necessitates that we work with like-minded international partners to identify a common problem and develop solutions,” David explains.
He exhorts businesses and individuals to contribute as well, strengthening the nation’s overall defence against the ransomware scourge.
Cybercriminals use malicious software known as ransomware. When ransomware infects a computer or network, it either locks the system or encrypts the data on it. For the release of the data, cybercriminals demand ransom money from their victims.
A vigilant eye and security software are advised to prevent ransomware infection. Following an infection, malware victims have three options: either they can pay the ransom, attempt to remove the malware, or restart the device.
Extortion Trojans frequently employ the Remote Desktop Protocol, phishing emails, and software vulnerabilities as their attack vectors. Therefore, a ransomware attack can target both people and businesses.
The ransomware threat has significantly increased in scope and effect, and it is now a pressing issue for nations all over the world, including Singapore.
The fact that attackers operate internationally to elude justice makes it a global issue. Ransomware has created a criminal ecosystem that offers criminal services ranging from unauthorised access to targeted networks to money laundering services, all fed by illicit financial gains.
Singapore must approach the ransomware issue as a cross-border and cross-domain problem if it is to effectively combat the ransomware threat.
Other nations should adopt comparable domestic measures to coordinate their financial regulatory, law enforcement, and cybersecurity agencies to combat the ransomware issue and promote international cooperation.
Three significant results were the culmination of the CRTF’s work. For government agencies to collaborate and create anti-ransomware solutions, they first developed a comprehensive understanding of the ransomware kill chain.
Second, it examined Singapore’s stance on paying ransom to cybercriminals. Third, for the government to effectively combat ransomware, the CRTF suggested the following policies, operational plans, and capabilities under four main headings:
Pillar 1: Enhances the security of potential targets (such as government institutions, critical infrastructure, and commercial organisations, especially small and medium-sized businesses) to make it more difficult for ransomware attackers to carry out successful attacks.
Pillar 2: To lower the reward for ransomware attacks, disrupt the ransomware business model.
Pillar 3: To prevent ransomware attack victims from feeling pressured to pay the ransom, which feeds the ransomware industry, support recovery.
Pillar 4: Assemble a coordinated international strategy to combat ransomware by cooperating with international partners. Singapore should concentrate on and support efforts to promote international cooperation in three areas that have been identified by the CRTF: law enforcement, anti-money laundering measures, and discouraging ransom payments.
The appropriate government agencies will take the recommendations of the CRTF under consideration for additional research and action.
The Ministry of Information and Communications (MIC) announced it would roll out Internet advertising management measures at a conference in Hanoi earlier this week. Participants at the event discussed how advertising in cyberspace has become the norm. Domestic and foreign firms choose it because it is easier to access customers and it offers flexible costs and larger reach. However, the limited management of ads poses potential risks to the safety of brands, the Ministry has said.
According to a press release by MIC, ad agents affirmed that without the cooperation of cross-border platforms in modifying algorithms to filter and censor content, ad violations will remain rampant. The Ministry will penalise agents and brands that cooperate with platforms that do not fall in line with MIC regulations. On the other hand, the Ministry will support ads on domestic and foreign digital platforms that comply with domestic laws, MIC’s Deputy Minister, Nguyen Thanh Lam, noted. This will protect brands and build a healthy, safe, and fair ad business environment.
The Ministry will also increase inspection and clampdown on violations of Internet ads activities, he said. Cross-border ad firms that fail to comply with Vietnam’s laws will not be allowed to operate in the country. MIC has also generated a Whitelist consisting of licensed e-newspapers, magazines, general information websites, and social media. Other websites, registered accounts, and information channels are also in the pipeline for the list, the release said. The list will be publicised on the portals of the Ministry and Authority of Broadcasting and Electronic Information. Ad service providers, agents, and brands were also urged to use the list for their work.
Nearly 80% of the population in Vietnam are digital consumers, as OpenGov Asia reported earlier in October. Over the past year, the average contribution of e-commerce to total retail has continued to grow at 15%. Higher than growth in India (10%) and China (4%), with an online-to-total retail share of 6%. Now that the world is in the post-pandemic stage, regional consumers are prioritising an integrated shopping experience, combining online and in-person services. During the ‘discovery’ phase of their shopping, 84% of Vietnamese shoppers use the Internet to browse and find items. This is a period when they use more platforms than ever before, with the dominance of the e-commerce market accounting for 51% of online spending.
At the same time, social networking sites account for nearly half of online discoveries, including images (16%), social media videos (22%), and related tools such as messaging (9%). These tools were paramount channels for 44% of survey respondents. Consumers’ openness to interaction and experimentation has also led to behavioural changes, with 64% of respondents saying they have interacted with a business account in the past year. As customers seek more engagement, the content creation economy is able to grow exponentially.
In the context of digital consumption, Vietnamese users switch brands more often and increase the number of platforms they use to find a better value, with 22% of online orders made on various e-commerce platforms. The number of online platforms Vietnamese consumers use has doubled from 8 in 2021 to 16 in 2022. Therefore, it is important to put in place proper ad regulations as Internet usage grows.
The Cyberspace Administration of China (CAC) announced a new certification for personal information protection and implementation. The office has decided to implement such certification to enhance its information protection capabilities and to promote the rational processing of personal information.
The certification implementation follows the Personal Information Protection Certification Implementation Rules. The implementation rules clarify that personal information processors must comply with the requirements of GB/T 35273 Information Security Technology Personal Information Security Specifications. The rules outline requirements for on-site audits, the evaluation and approval of certification results, post-certification supervision and certification time limits.
Organisations engaged in personal information protection certification work need approvals to carry out activities. The regulation applies to every personal information processor that carries out private information collection, storage, use, processing, transmission, provision, disclosure, deletion and cross-border processing activities.
The State Administration for Market Regulation and the State Internet Information Office decided to implement personal Information protection certification. The step is relevant to provisions of the Personal Information Protection Law of the People’s Republic of China (‘PIPL’). The body requires the Specifications for Security Certification of Cross-Border Processing of Personal Information for cross-border personal information processing.
The latest versions of the standards include technical verification, on-site audit, and post-certification supervision. In addition, the certification body shall clarify the requirements for certification entrustment materials, including but not limited to the basic materials of the certification client, the certification power of attorney, and relevant certification documents.
To get certified, an organisation must submit certification entrustment materials according to the certification body’s requirements and the certification body shall give timely feedback on whether it is accepted after reviewing the materials.
The materials are then used for determining the certification plan, including the type and quantity of personal information, the scope of personal information processing activities, information on technical verification institutions, etc., before notifying the organisation seeking certification.
The CAC stated certification is valid for three years. An organisation must submit a certification commission within six months before the expiration of the validity period. The certification body shall adopt the method of post-certification supervision and reissue new certificates to those that meet the certification requirements.
Violations, cheating, and other behaviours that seriously affect the implementation of the certification on the certification client or personal information processor will cancel the certificate. Therefore, certification bodies shall adopt appropriate methods to implement post-certification supervision to ensure that certified personal information processors continue to meet certification requirements. The certification body comprehensively evaluates the post-certification surveillance conclusions and other relevant information. If the evaluation is passed, the certification certificate can continue to be maintained.
The organisation shall actively cooperate with the certification activities. During the validity period of the certification certificate. If the name and registered address of the certified personal information processor, or the certification requirements, certification scope, etc., change, the certification principal shall submit a change entrustment to the certification body.
When changes happen, the certification body must evaluate the change in entrustment materials. The result will determine whether the body can approve the change. If technical verification or on-site audit is required, the body shall conduct technical and on-site audits before the change is approved.
When a certified personal information processor no longer meets the certification requirements, the certification body will promptly suspend or revoke the certification certificate. The certification principal can apply for the suspension and cancellation of the certification certificate within the validity period of the certification certificate.