Inside Asian Gaming

IAG OCT 2021年10月 亞博匯 51 數碼聚焦 subjects is factored in, the volume of prospective data subject requests may rise exponentially and appear overwhelming without additional assistance and manpower. Macau law also requires that personal data is deleted once the purpose for collection has been completed. With the infinite number of new data streams captured, it is a sizable task to determine and document the retention period for all types and categories of personal data collected, and ensure that all copies of personal data are deleted across the IT systems and on back-up servers once the retention period expires. In addition, regulation was introduced in 2019 in Macau for gaming-specific data that requires the Macau Gaming Regulator’s prior authorization for the overseas transfer of any gaming-related 隨著捕獲的新數據流的增加，確定及記錄所收集的所有類型和類 別的個人數據的保留期限，以及確保一旦保留期限到期，跨IT系 統和備份服務器上的所有個人資料副本被刪除，這些是一項龐大 的任務。 此外，澳門於2019年出台了針對博彩相關數據的監管規定， 要求澳門的博彩監管機構對任何博彩相關數據的海外傳輸（如投 注金額、籌碼的購買和贖回）須事先授權，其中可能還包括用戶 的姓名、國籍等在內的個人數據。根據2019年澳門的《網絡安全 法》，作為私營關鍵基礎設施營運者，IR運營商在程序、預防及 應對網絡安全事故方面負有特殊責任和義務，包括向當局報告網 絡安全事故及潛在的數據洩露。 應對挑戰 儘管數據隱私的合規性對IR業務的連續性至關重要，但數據 收集和使用的急劇增加，通常並未與內部數據隱私團隊的發展相 匹配。為了應對日益複雜的工作，新的數據技術管理工具已經出 現，可以支持個人數據團隊的簡化和實施隱私的管理流程。通過 實施隱私管理軟件，數據可以在結構化平台上進行編目，並可以 data (such as betting amounts, bet placements, chip purchase and redemption), which may also include patrons’ personal data (name, nationality). IR operators also have a special duty to implement cyber security management systems and procedures, including to report cybersecurity incidents and potential data breaches to the authorities, under the 2019 Macau Cybersecurity Law as private critical infrastructure operators. SOLUTIONS FOR THE CHALLENGE The dramatic rise in the collection and use of data has not generally been matched with a proportionate expansion of the in-house data privacy team, despite the critical nature of data privacy compliance to IR business continuity. To tackle the ever-increasing complexity of the work,