Read the full report:
Evolving Data Privacy Regulations Could Drive Long-Term Shift in Business Operations
Proliferating data privacy regulations will increase compliance costs for companies, as well as litigation and fines when breaches occur, Sustainable Fitch says in a new report. The rising number of data breach incidents
in recent years has greatly escalated concerns and costs around data privacy issues in a rapidly evolving regulatory environment.
The EU’s General Data Privacy Regulation (GDPR) was the first comprehensive overhaul of data protection rules that identifies issues on data privacy and protection. Multiple jurisdictions, including Brazil, China
and Japan, are setting up similar legislations on data protection regulations in light of rising public awareness of data privacy.
The cross-border nature of data flows has added complexities to the enforcement of data protection regulations, including the way data are transferred and stored, which has increased the calls for regulation harmonisation.
GDPR has set up a process allowing data flows from EU to certain third countries without additional safeguards.
There has been limited credit impact from regulations due to a lack of resources and budget for law enforcement, an ambiguous regulatory framework and delays from Covid-19. We expect the fines for violating data privacy
laws to increase after the pandemic, as regulations begin to fall in place and enforcements strengthens.
All sectors are exposed to data breach risks. Increasing incidence of cyberattacks poses higher risks for companies not complying with GDPR and similar data regulations given stricter rules on notice periods and cyber defence.
Cyber insurance is an important way to mitigate the rising costs from data breach incidents, especially for sectors with higher exposure, such as technology, healthcare and financial services.
Higher regulatory oversight and demands will drive a fundamental transformation about how businesses understand and manage data privacy risks. We expect to see increasing operational and capital expenditures within businesses
to comply with data regulations and to re-evaluate the role of data in their long-term business strategy.
Research Associate, Sustainable Fitch
Fitch (Hong Kong) Limited
19/F, Man Yee Building,
68 Des Voeux Road Central, Hong Kong
Senior Director, Sustainable Fitch
+44 20 3530 1072
ALL FITCH CREDIT RATINGS ARE SUBJECT TO CERTAIN LIMITATIONS AND DISCLAIMERS. PLEASE READ THESE LIMITATIONS AND DISCLAIMERS BY FOLLOWING THIS LINK:
WWW.FITCHRATINGS.COM. PUBLISHED RATINGS, CRITERIA, AND METHODOLOGIES ARE AVAILABLE FROM THIS SITE AT ALL TIMES. FITCH'S CODE OF CONDUCT,
CONFIDENTIALITY, CONFLICTS OF INTEREST, AFFILIATE FIREWALL, COMPLIANCE, AND OTHER RELEVANT POLICIES AND PROCEDURES ARE ALSO AVAILABLE FROM THE CODE OF CONDUCT SECTION OF THIS SITE. FITCH MAY HAVE PROVIDED ANOTHER
PERMISSIBLE SERVICE TO THE RATED ENTITY OR ITS RELATED THIRD PARTIES. DETAILS OF THIS SERVICE FOR WHICH THE LEAD ANALYST IS BASED IN AN ESMA- OR FCA-REGISTERED FITCH RATINGS COMPANY (OR BRANCH OF SUCH A COMPANY)
CAN BE FOUND ON THE ENTITY SUMMARY PAGE FOR THIS ISSUER ON THE FITCH RATINGS WEBSITE.
Copyright © 2021 by Fitch Ratings, Inc., Fitch Ratings Ltd. and its subsidiaries. 33 Whitehall Street, NY, NY 10004. Telephone: 1-800-753-4824, (212) 908-0500. Fax: (212) 480-4435. Reproduction or retransmission in
whole or in part is prohibited except by permission. All rights reserved. In issuing and maintaining its ratings and in making other reports (including forecast information), Fitch relies on factual information
it receives from issuers and underwriters and from other sources Fitch believes to be credible. Fitch conducts a reasonable investigation of the factual information relied upon by it in accordance with its ratings
methodology, and obtains reasonable verification of that information from independent sources, to the extent such sources are available for a given security or in a given jurisdiction. The manner of Fitch's factual
investigation and the scope of the third-party verification it obtains will vary depending on the nature of the rated security and its issuer, the requirements and practices in the jurisdiction in which the rated
security is offered and sold and/or the issuer is located, the availability and nature of relevant public information, access to the management of the issuer and its advisers, the availability of pre-existing third-party
verifications such as audit reports, agreed-upon procedures letters, appraisals, actuarial reports, engineering reports, legal opinions and other reports provided by third parties, the availability of independent
and competent third- party verification sources with respect to the particular security or in the particular jurisdiction of the issuer, and a variety of other factors. Users of Fitch's ratings and reports should
understand that neither an enhanced factual investigation nor any third-party verification can ensure that all of the information Fitch relies on in connection with a rating or a report will be accurate and complete.
Ultimately, the issuer and its advisers are responsible for the accuracy of the information they provide to Fitch and to the market in offering documents and other reports. In issuing its ratings and its reports,
Fitch must rely on the work of experts, including independent auditors with respect to financial statements and attorneys with respect to legal and tax matters. Further, ratings and forecasts of financial and other
information are inherently forward-looking and embody assumptions and predictions about future events that by their nature cannot be verified as facts. As a result, despite any verification of current facts, ratings
and forecasts can be affected by future events or conditions that were not anticipated at the time a rating or forecast was issued or affirmed.The information in this report is provided \'as is\' without any representation
or warranty of any kind, and Fitch does not represent or warrant that the report or any of its contents will meet any of the requirements of a recipient of the report. A Fitch rating is an opinion as to the creditworthiness
of a security. This opinion and reports made by Fitch are based on established criteria and methodologies that Fitch is continuously evaluating and updating. Therefore, ratings and reports are the collective work
product of Fitch and no individual, or group of individuals, is solely responsible for a rating or a report. The rating does not address the risk of loss due to risks other than credit risk, unless such risk is
specifically mentioned. Fitch is not engaged in the offer or sale of any security. All Fitch reports have shared authorship. Individuals identified in a Fitch report were involved in, but are not solely responsible
for, the opinions stated therein. The individuals are named for contact purposes only. A report providing a Fitch rating is neither a prospectus nor a substitute for the information assembled, verified and presented
to investors by the issuer and its agents in connection with the sale of the securities. Ratings may be changed or withdrawn at any time for any reason in the sole discretion of Fitch. Fitch does not provide investment
advice of any sort. Ratings are not a recommendation to buy, sell, or hold any security. Ratings do not comment on the adequacy of market price, the suitability of any security for a particular investor, or the
tax-exempt nature or taxability of payments made in respect to any security. Fitch receives fees from issuers, insurers, guarantors, other obligors, and underwriters for rating securities. Such fees generally vary
from US,000 to US,000 (or the applicable currency equivalent) per issue. In certain cases, Fitch will rate all or a number of issues issued by a particular issuer, or insured or guaranteed by a particular insurer
or guarantor, for a single annual fee. Such fees are expected to vary from US,000 to US,500,000 (or the applicable currency equivalent). The assignment, publication, or dissemination of a rating by Fitch shall not
constitute a consent by Fitch to use its name as an expert in connection with any registration statement filed under the United States securities laws, the Financial Services and Markets Act of 2000 of the United
Kingdom, or the securities laws of any particular jurisdiction. Due to the relative efficiency of electronic publishing and distribution, Fitch research may be available to electronic subscribers up to three days
earlier than to print subscribers.For Australia, New Zealand, Taiwan and South Korea only: Fitch Australia Pty Ltd holds an Australian financial services license (AFS license no. 337123) which authorizes it to provide
credit ratings to wholesale clients only. Credit ratings information published by Fitch is not intended to be used by persons who are retail clients within the meaning of the Corporations Act 2001Fitch Ratings,
Inc. is registered with the U.S. Securities and Exchange Commission as a Nationally Recognized Statistical Rating Organization (the \'NRSRO\'). While certain of the NRSRO's credit rating subsidiaries are listed
on Item 3 of Form NRSRO and as such are authorized to issue credit ratings on behalf of the NRSRO (see
other credit rating subsidiaries are not listed on Form NRSRO (the \'non-NRSROs\') and therefore credit ratings issued by those subsidiaries are not issued on behalf of the NRSRO. However, non-NRSRO personnel may
participate in determining credit ratings issued by or on behalf of the NRSRO.