Just
recently, I submitted a book manuscript which covers the tenets and provisions
of all of the major data privacy laws, which include the GDPR, CCPA, etc. The basic thrust of all of them is to make
sure that not only are organizations doing their very best to make sure the
controls that they have implemented are safeguarding the datasets to the maximum
extent possible, but also to give the right to the dataset owners a strong
voice as to how they should be used.
Many states
here in the US have adopted their own version of a data privacy law, with other
countries following suit as well. The
latest one in this addition is the tiny island nation called Papua New
Guinea. I have heard of it of course,
but I had to Google where this little country is located at. Its in in the Southwestern part of the Pacific
Ocean, and the largest country within close proximity of it is Australia.
The
legislation that they have created and passed is called the “National Data
Protection and Governance Policy 2024. The
exact text of the legislation can be downloaded at this link:
http://cyberresources.solutions/blogs/PNG_Data_Privacy.pdf
There are
seven major sections to it, but here is a summary of some of the major
highlights of it:
The role of
data protection does not rely solely on just one entity. Rather, it is a shared responsibility between
government agencies, businesses, academia, non-profit entities, etc.
*The goal of the
country is to establish a “Digital Infrastructure” of sorts, which will allow
for all digital assets to be connected with another, especially as the IoT
revolution sets in with the population.
*Cyberattacks
are now happening much more frequently to the smaller nations in the Pacific
Rim, therefore strong legislation like the one mentioned here is absolutely
needed.
*The need for
Cyber resiliency is a must for Papua New Guinea, therefore it is the goal of
this new legislation to establish the framework to make this into a reality.
*Transparency
amongst the public is a must in order for any kind of data privacy action to
take place, and this new law helps to ensure that this actually does happen.
*One of the
more macro goals of this legislation is to further enhance the reach of the Cyber
frameworks developed by Papua New Guinea into the international arena. For example, it has joined the following:
Ø
Global
Cross-Border Privacy Rules (CBPR) Forum (more details can be found here: https://www.commerce.gov/global-cross-border-privacy-rules-declaration
Ø
The
government of Papua New Guinea is also working on a Memorandum Of Understanding
with the government of Japan in order to participate in Cyber Warfare games
with the other smaller island nations also located in the Pacific Rim. (more details can be found here: https://www.darkreading.com/cyber-risk/japan-runs-inaugural-cyber-defense-drills-with-pacific-island-nations
*Even the smallest
of nations, such as that of Papua New Guinea, can be strong foe against the Cyberattacker
groups.
Finally, this
new piece of legislation based by this tiny country has eight major objectives
to it, which are as follows:
Ø
Establish
Clear Principles
Ø
Strengthen
Data Protection
Ø
Promote
Data Governance
Ø
Facilitate
Data Sharing
Ø
Enhance
Data Literacy
Ø
Foster
Innovation and Economic Growth
Ø
Ensure
Flexibility and Adaptability
Ø
Align
with International Standards
Further details
about them can be found at this link:
https://www.ict.gov.pg/ndgdpp/
My Thoughts
On This:
Here in the United
States, we are still struggling in terms of the enforcement of the data privacy
laws that we have created. Not only are the
local governments slow to act on this, but with each state producing their own version
of it, there is way too much confusion about them. Therefore, we need a central authority to
have a federally created and enforced data privacy law.
Seeing how
quickly even the tiniest of nations, such as that of Papua New Guinea can do something
like this so quickly, we can learn a lot from them.
No comments:
Post a Comment