Data privacy and data security are two sides of a coin: inseparable. Despite efforts by experts to explain this, the misunderstanding that they defeat each other still looms large. At the APAC Cyber Security Summit, held on 3rd June 2016 in Kuala Lumpur and attended by more than two hundred regional participants, I made another attempt to explain this: how protecting one’s data privacy can contribute to larger information security practices. Not coincidentally, one can see it from the other side: in order to afford maximum protection of one’s privacy, efforts must be taken to secure his data. Thus, data security is part of a bigger personal data privacy protection effort. Confused? Don’t be.
The truth is, personal data management does include protecting its confidentiality, integrity and availability. Doing so means one must ensure that the privacy and security of personal data go side by side.
In a report released by PricewaterhouseCoopers (PwC) in 2016, Personal Data Use Governance – Mitigate Risk while Unlocking Business Value, there is a shift (or more suitably, an expansion) of the personal data risk landscape from merely a security and regulatory issue to an intersection of ethical, regulatory, litigation, security and service quality issues.
At this Conference, I highlighted the latest status and implementation of the Malaysian Personal Data Protection Act 2010 and tried to show how the new regulatory framework reshapes the landscape of information security in Malaysia.
The points can be summarised as follows:
Perspective #1. PDPA 2010 creates data management principles
Perspective #2. PDPA 2010 spells out the duties throughout data lifecycle
Perspective #3. PDPA 2010 identifies data risks
Perspective #4. PDPA 2010 creates new data offences
Perspective #5. PDPA 2010 creates duty of data due diligence
This year’s ISACA Malaysia conference has been renamed the CyberSecurity, IT Assurance & Governance (CIAG) Conference 2016, held on 30th May 2016 at Le Méridien hotel, Kuala Lumpur. My friends and colleagues in ISACA Malaysia were kind enough to invite me for the fourth time to their annual national conference. Last year, I was invited to speak about the pros and cons of the Internet of Things (IoT) in the form of a debate, together with a representative from the Malaysian Digital Economy Corporation (MDec).
In this year’s edition, I was seated in a panel discussion to speak about the protection (or Assurance) of privacy in cyberspace. With me as panelists were Mr. Retnendran Subramaniam CISA, CRISC (former ISACA Malaysia chairman) and Mr. Victor Lo, the Head of Information Security, InfoTech Division, MDeC. The panel was moderated by Mr. Jason Yuen from Ernst & Young Malaysia.
Today I will be speaking at the IT Governance, Assurance and Security Conference 2015, held annually by ISACA Malaysia and the Malaysian National Computer Confederation (MNCC). In the slotted debate panel, I will be speaking about the problems and challenges brought about by the Internet of Things (IoT) vis-à-vis individuals’ privacy. My debate counterpart will be Mr. Hizamuddin from MDEC.
Here are some details:
And here is the event link:
The summary of my points is as follows:
=== IoT vs Privacy ===
1. IoT is conceptually flawed/problematic because it equates humans and other objects (“things”)
* Under EU data protection law, there is a legal rule protecting individuals against automated data processing
* IoT, like any other innovation, is wrongly perceived as a technical matter, not really a human affair
* Privacy is a fundamental need; its protection cannot be sidelined, reduced or outsourced to others (including things)
2. Businesses looking for a quick RoI invest only in technical requirements, not in the prerequisite culture
3. The countries that introduced IoT (US, EU, Japan, Korea) are already equipped with strong privacy laws, unlike Malaysia, where the law is still in the making, at an initial stage.
I will be speaking on the above topic this week (Tuesday, 18th February 2014) to IT Governance professionals affiliated with the ISACA Chapter Malaysia. I was informed that at least one hundred people will be attending.
This will be my first speech on the PDPA after the lapse of the 3-month grace period set by the PDP authority in Malaysia. I can foresee that the level of enthusiasm from participants is high.
In less than three weeks (since I spoke at the GIGS2013 Summit), this Big Data concern has had me involved in a more direct and personal way. The Malaysian chapter of the Information Systems Audit and Control Association (ISACA) – yes, you’ve heard about their CISA and CISM professional certifications, that’s their product – will hold its annual IT Governance, Assurance and Security Conference on 18-19 June 2013 in Kuala Lumpur, Malaysia.
The massive intersection between Big Data, security issues, compliance as well as data protection legislation has taken me into the epicenter of the complicated development of IT governance: I will be delivering a keynote address at the event with my paper entitled: Beyond “personal”, “data” and “protection” – How the Data Privacy Law Transforms Business Landscape in Malaysia and Beyond. Wow, that is... long!