Sunday, March 7, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

Navigating Business Uncertainty in a New Hong Kong

What the National Security Law Means for Organizations

by Sarah Skaluba and Seha Yatim
September 18, 2020
in Featured, Opinion
hong kong and china flags against blue sky

China’s new National Security Law (NSL) presents a threat to businesses operating in Hong Kong. In this op-ed, Access Partnership’s Sarah Skaluba and Seha Yatim reflect on where else APAC, data-driven, innovative companies may look to establish new hubs in the region.

Since the Hong Kong National Security Law (NSL) came into effect on June 30, 2020, authorities have wasted no time in enforcement. Within two weeks, media tycoon Jimmy Lai was arrested on “suspicion of breaches” of the law, as were another 10 employees from his company, including his two sons. Pro-democracy activist Agnes Chow was also arrested. These events are only the beginning.

In the wake of these developments, businesses stand at a challenging crossroads. Most immediately, companies face the threat of an enforcement order for noncompliance. This is punishable by a fine of HK$100,000 (around US$13,000) and six months imprisonment for failure to remove or restrict access to content. In the longer term, the National Security Law presents an alarming shift away from the “One Country, Two Systems” approach. It may only be a matter of time before China makes further inroads into Hong Kong with its onerous data localization rules, broad law enforcement access to data regulations and strict critical information infrastructure protection measures. The NSL presents a serious threat to Hong Kong’s democracy and global businesses alike.

Unsurprisingly, companies have responded to this uncertainty by moving data out of Hong Kong and suspending the processing of government data requests. Bloomberg reported that Oursky, an app development company, is planning to relocate to the U.K., while the energy startup Liquidstar will be moving to Singapore. Further, U.S. tech behemoths including Google, Facebook and Twitter have all stopped processing Hong Kong government data requests, and The New York Times is moving part of its Hong Kong office to Seoul.

The NSL has created an impetus for companies with regional operations in Hong Kong to reconsider their long-term approach as the business landscape is redefined. Companies can no longer rely on Hong Kong as a launchpad into the Chinese market. The looming uncertainty over how the NSL could impact the security of corporate data storage, coupled with deteriorating U.S.-China relations, is driving companies to rethink their market strategy. Senior leaders must weigh the costs of continuing to operate data centers in Hong Kong as operational costs and risks grow. Moving forward, data-driven, innovative companies may look to establish new hubs in the region.

Alternative Options for Organizations

For starters, Australia has one of the most mature data center markets in Asia Pacific, as well as an open regulatory regime. Australia was also one of the first countries to ratify the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) and has historically been a staunch supporter of the free flow of data across borders. Recently, however, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 has raised industry concerns, as it could potentially lead to government-mandated backdoors. Additionally, with tensions between Australia and China rising over the COVID-19 investigation Canberra is pushing, further trade retaliation from Beijing could be imminent.

As the third-largest economy in the world and a vocal proponent of free-flowing data, Japan proves another viable option. Prime Minister Shinzo Abe is determined to make Japan a leader in the digital trade arena, pursuing strong bilateral digital trade agreements and driving the Data Free Flow with Trust approach at the G20. The country’s data center industry has also grown significantly over the years and now boasts a cloud services market that is valued at roughly US$6 billion. Japan represents a unique opportunity given its close ties to Silicon Valley, though for SMEs and startups, the high operating cost in Japan may prove challenging.

South Korea is another attractive choice. In May 2020, Oracle opened up its second cloud region in the country, and by 2025, over 30 new data centers will be built. Between President Moon Jae-in’s Digital New Deal, the Government’s National Strategy for Artificial Intelligence and Seoul’s 5G leadership, the country is fast-tracking digital governance initiatives that will support a strong data center market. However, like some of its neighbors, Korea’s track record on data residency requirements and onerous data protection regulations can prove burdensome for foreign firms.

Finally, with Zoom announcing a new data center in Singapore, the city-state is a serious contender with its 60 data centers already running to date. While Singapore’s excellent connectivity and pro-business regulatory climate provide huge benefits, some companies may find its small and domestic market stifling. Nevertheless, it continues to be one of the top destinations because of its high standard digital trade rules and strong bilateral relationships that help shield the country from the retaliatory tariffs and trade wars plaguing other markets.

While emerging economies including India and Indonesia should certainly not be dismissed, some of the data localization mandates create difficult regulatory regimes. Google’s announcement of its US$10 billion investment in India over the next five to seven years, however, sends a powerful signal that industry is looking to India for long-term growth opportunities. While India’s data center market is expected to grow by US$4.9 billion by 2025, the Ministry of Electronics and Information Technology is actively considering enacting data localization mandates for both personal and nonpersonal data. Meanwhile, the Reserve Bank of India’s 2018 directive mandates that all payment systems data be stored in the country.

As companies weigh options and consider their next move on the heels of the NSL, it is imperative that businesses ensure consumer data is protected and that adequate safeguards remain in place. With more people using the internet and adapting to the new normal, technology solutions and services are being tested more than ever before. While reshoring is certainly not the solution, there may be a window of opportunity for governments across the Asia Pacific to attract new businesses and diversify their markets in the wake of the NSL.


Tags: Asia Pacific
Previous Post

Evolution of Dynamic Biometrics: Disrupting the Fraud Prevention Landscape

Next Post

New ICA Program Looks at the Initiatives Leading Compliance Into the Future

Sarah Skaluba and Seha Yatim

Sarah Skaluba is Manager, Data Policy & Trust at Access Partnership – the global public policy consultancy for the tech sector. She advises multinational clients on technology policies ranging from digital trade and cross-border data flows to artificial intelligence, data portability and intermediary liability. Prior to joining Access Partnership, she worked with enterprise software companies to develop advocacy strategies and global policy solutions at BSA | The Software Alliance, where she supported and helped launch the Global Data Alliance. Before this, Sarah was a research associate at C&M International and served in the U.S. government with both the Office of the United States Trade Representative and the Department of State. Sarah is co-chair of the Technology & Digital Economy program for the Association of Women in International Trade (WIIT). She holds a B.A. in International Studies from the University of Michigan and an M.A. in East Asian Politics and Security from the Walsh School of Foreign Service at Georgetown University. She spent two years living in Oita, Japan teaching English with the Japan Exchange and Teaching (JET) program. She works in both English and Japanese.
Seha Yatim is a Policy Manager for Asia & the U.S. at Access Partnership, a global public policy consultancy for the tech sector. Seha helps companies navigate the technology-related regulatory and policy environment in the Asia-Pacific region, with a special focus on ASEAN. She analyses various technology policies including data privacy, cybersecurity, technology risk, smart cities and others. With her acute sense of business impacts, she also identifies opportunities for clients to enable them to expand their business and achieve their goals. Prior to joining Access Partnership, Seha worked for the world’s largest package delivery company to raise thought leadership on trade and industry issues such as cross-border trade, e-commerce, high tech, industrial manufacturing and free trade agreements. She began her career in the Singapore Ministry of Manpower, where she formulated and executed communications plans for foreign manpower policies, as well as labor-trafficking issues. Seha holds a Master of Science in International Relations from the S. Rajaratnam School of International Studies and a Bachelor of Business Management from the Singapore Management University. She is a Certified Information Privacy Professional/Asia (CIPP/A) and is fluent in English and Malay.

Related Posts

green and red location markers on map

FinCEN’s Registry Will Be a Game-Changer. It Will Also Place an Added Burden on Corporations.

March 5, 2021
illustration of man under giant gavel

BitPay’s $507K OFAC Sanctions Violations Settlement

March 4, 2021
The facade of the SEC in Washington, D.C.

Prepare Now to Comply with SEC’s Updated MD&A and Related Financial Disclosure Requirements

March 3, 2021
Illustration representing a facial recognition technology scan of a face.

Facial Recognition Technology in the Workplace: Employers Use It, Workers Hate It, Regulation Is Coming for It

March 3, 2021
Next Post
train moving fast in tunnel with blurred lights

New ICA Program Looks at the Initiatives Leading Compliance Into the Future

OneTrust offers download to demonstrate privacy management leadership
Access realtime data
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence ESG fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights