“The world is facing a reset button in how it conducts business,” according to Straits Interactive Chief Executive Officer and Founder Kevin Shepherdson.
The first Data Protection Excellence Network Forum and Masterclass held on June 11 and 12, 2019, in Singapore brought together field experts from across the region to discuss and explore how the global landscape of data protection laws are affecting us.
It provided a platform to network with the data protection and privacy community, especially for those new to the field, as practical and insightful information and guidance was shared on a variety of data protection, privacy and security topics.
With digital revolution, as well as the developments in big data, such as machine learning, artificial intelligence, emerging technologies and Internet of Things, there arise threats to loss of reputation, individual autonomy, discrimination and identity theft.
Privacy Commissioner Raymund Liboro of the Philippine National Privacy Commission (NPC), who attended the meeting, stressed that, “privacy is a right but processing is not. There are legal obligations in processing personal data; with it, comes social responsibility. The data privacy officer should go beyond legal compliance.”
For the first five months of 2019, the NPC has received over 800 complaints and almost 300 notifications.
There are currently 120 jurisdictions in the world with data privacy laws. Indonesia and India are about to pass their comprehensive laws, while China already has its Personal Information Security Specification and Malaysia, its Personal Data Protection Act.
“In Asean, digital innovation is encouraged, while promoting consumer protection and greater movement of data where no one is left behind,” Liboro stated.
Among the trends in the “danger zone” of the data protection officer (DPO) are:
- The increasing number of privacy breaches;
- Enforcements;
- New laws and regulations;
- Greater demand for accountability; and
- Data privacy skills shortage.
- Common mistakes in organizations are:
- C-level not aware and not committed;
- DPO takes role reluctantly, not knowledgeable, has little influence;
- Operational level not properly trained; and
- Business unit managers do not understand and regard data privacy as extra work.
When incidents and breaches occur, in addition to following procedures, timely communication to all stakeholders is key.
While data privacy is seen in the bigger picture of building trust in business generating employment, promoting social stability and innovation, the heads of organizations and responsible officers must be ready to pay fines and penalties and/or go to jail for violating data privacy laws. And so, companies are advised to prevent risks from turning into disasters.
If assistance is needed, e-mail me at schumacher@eitsc.com.