Hitachi Data Systems has released the findings of a new report prepared by technology law firm Fieldfisher LLP.
The researchers reviewed data retention obligations in Asia Pacific and the principles that have influenced a rise in common requirements for data capture, storage and management.
New global legislation, such as the Markets in Financial Instruments Directive II ("MiFID2"), Dodd-Frank and, looking ahead to 2018, the General Data Protection Regulation ("GDPR"), further extend the influence and power of regulators, the report claims.
Paul Bruton, business director, data intelligence, Hitachi Data Systems, Asia Pacific, says that regulators today have an even more sophisticated understanding of the power of technology in advancing the compliance agenda.
As the report explains, this results in increasing regulatory requirements, for example mandating more and faster reporting, real-time data capture, and strict management of the deluge of data introduced by digital transformation.
“Businesses in A/NZ face a significant challenge with the GDPR changes coming into effect next year, and let’s not forget the far-reaching consequences of Australia’s new data breach laws,” adds Bruton.
“Now is the time to determine the roles and responsibilities in the creation and management of data within the organisation, factor these requirements into an effective data strategy, and turn the compliance conundrum into an opportunity for digital transformation and innovation.”
The paper identifies six key compliance challenges that enterprises and government agencies need to address:
1. Capture and management
2. Access and availability
3. Privacy and security
4. Integrity and authenticity
5. Retention and preservation
6. Disposal and defensibility
The Fieldfisher report also looks at the implications of legal frameworks for Australian and New Zealand enterprises, including the Australian Privacy Principles (“APP”) and the Information Privacy Principles (“IPP”) in New Zealand.
Simon Briskman, partner at Fieldfisher, comments, “In comparison with many countries in Asia Pacific, Australia is well advanced in access and disclosure requirements. Australian law in the area has a long evolution.”
“For example, the Australian Corporations Act 2001 lays down extensive obligations for the preparation of financial reports. Regulators such as the Australian Securities and Investments Commission and the Office of the Australian Information Commissioner ensure Australia meets broad international standards on information security, data management, record keeping, disclosure and data quality.”
He says both Australia and New Zealand have legislation allowing electronic communications to be admitted in evidence in court, and there have been significant changes to the privacy laws in both countries.
“Overall, the landscape is one of increasingly sophisticated regulation that requires specific compliance solutions. Technology has become a vital part of those solutions.”
In data retention and record keeping requirements, Australia and New Zealand are in the middle bracket, with the Australian Corporations Act 2001 and the New Zealand Companies Act 1993 requiring records to be kept for at least seven years.
The period of retention varies widely across the Asia Pacific region; in Singapore the minimum is five years, in Hong Kong and India 10 years, and in China records can be required to be retained permanently, depending on the nature of the record.