Jason Lau awarded as Executive of the Year for Data Privacy at HKB Management Excellence Awards 2021

Crypto.com Chief Information Security Officer’s exceptional leadership raised the bar for data privacy within the organisation, industry and championed data privacy initiatives both locally and abroad.

Crypto.com’s Chief Information Security Officer (CISO) Jason Lau took home the prestigious Data Privacy Executive of the Year trophy at the 2021 HKB Management Excellence Awards. The executive led the company to be recognised as one of the top data privacy leaders worldwide and has contributed to strengthening Hong Kong’s data privacy awareness and culture.

Jason supported the global mainstream success of Crypto.com by continuing to champion cybersecurity and data privacy as being core pillars of the business. The company attributed this achievement to the trust and credibility they have established through the strict implementation of cybersecurity and data privacy measures throughout their business practices, and in product and service offering to their global customers.

“In this day and age, growing adoption of FinTech is not solely driven by features and incentives. Customers are now demanding companies to have stronger security controls and giving customers more transparency and options with respect to their personal data.” Jason explained. “In other words, building trust with the customer, comes in many forms, from our product offerings, a security-first culture within the company, through to the contributions back to the local and global community, helps to boost the brand’s credibility in many ways”, he said.  Jason further added, “Strong cybersecurity, data privacy and compliance posture was a worldwide security-led initiative which added tremendous value to our organisation, which helped to build trust with customers, business partners and regulators around the world.” 

Crypto.com’s success was achieved through a multi-faceted approach. It is worth noting that the company was the first cryptocurrency company in the world to obtain multiple industry cybersecurity and data privacy certifications. Jason led the company to become the first fintech blockchain group to have company-wide security and data privacy certifications in ISO 27001:2013, ISO 27701:2019, PCI: DSS 3.2.1 (Level 1), third party attestation of the highest “Adaptive” tier when measured against the NIST Cybersecurity and Privacy Frameworks, and the proper qualifications, policies and procedures to conform with the Cryptocurrency Security Standard.

In addition to this, Crypto.com most recently completed their Service Organization Control (SOC) 2 audit, conducted by a globally recognised Big 4 audit and consulting firm, which affirms that Crypto.com’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, confidentiality and privacy. This independent validation of security controls is crucial for organisations operating in highly regulated industries.

In assessing the Executive of the Year Award, Jason’s commitment to data privacy within the local industry and global community was also a major contributing factor that stood out from the rest. Jason’s local commitment to nurturing future talent was evident whilst an Adjunct Professor for Cybersecurity and Data Privacy at the Hong Kong Baptist University’s award-winning Master of Science (FinTech and Data Analytics) programme, held the role of Regional Lead, Co-Chair and has a seat on the Advisory Board for the International Association of Privacy Professionals (IAPP), as well as being on the official Standing Committee for the Office of the Privacy Commissioner for Personal Data -- Hong Kong’s official regulatory body for data privacy. 

Jason was also behind the inaugural Hong Kong Data Privacy Forum in 2021, as one of the event organisers and official conference chairperson, bringing together privacy experts, regulators, legal professionals from around the region. On the international stage, Jason also contributes on cybersecurity and data privacy matters to the World Economic Forum (WEF)’s Expert Network, Forbes Technology Council and Think Tanks such as the Centre for Information Policy Leadership (CIPL). Jason is also actively contributing to improving cybersecurity and privacy standards as the Vice Team lead of the United Nation’s ITU Digital Currency Global Initiative, as part of the Security and Assurance working group. 

“With the evolving global data privacy landscape, companies need to try and stay ahead of data privacy risks by getting actively involved with industry and regulatory developments – it is no longer sufficient for a company to purely focus inwards to keep their house in order, and not be mindful of the changing personal data privacy requirements. These regulatory requirements will inevitably flow into technical measures and controls which need to be implemented in order to uphold the individual data privacy rights of your customers. This means that data privacy needs to be front and centre in any company’s business strategy.” Jason said.