The Blue Oceans for the Data Protection Officers (DPO)

By: Sonny Zulhuda

I recently concluded my talk at this event called Data Protection Excellence Network Forum 2019 upon invitation by Singapore Management University (SMU) and Straits Interactive on Tuesday this week (11/6/2019).

Featured together with me in the opening panel session were Commissioner Raymund Enriquez Liboro (Chairman of the Philippines National Privacy Commission), Dr Yudhistira Nugraha (Ministry of Communications and Informatics of Indonesia) and Kevin Shepherdson (Straits Interactive Singapore), discussing the trends and challenges of data protection law in the region and the new market demands for Data Protection Officers (DPO). The event, with over a hundred attendees, was officiated by Dr Lim Lai Cheng, who is the Executive Director of the SMU Academy.

Each of us spoke about the regional development of the data protection laws in Malaysia, Philippines, Indonesia and Singapore respectively.

Malaysia first enacted the law in 2010. Both the Philippines and Singapore followed suit in 2012. Indonesia is currently preparing a draft bill and is expected to legislate by next year (2020). In terms of enforcement, Singapore has recorded dozens of fines and notices imposed for contraventions of its personal data protection law. Meanwhile, the Philippines may only expect enforcement to begin next year in 2020.

In Malaysia, efforts to implement the law come in a combination of prosecution, inspection, establishment of codes of practice as well as public education.

In Malaysia there have been at least five successful prosecutions of data users who contravened the PDPA 2010. Besides, it was noted that six sectoral data fora had registered their Codes of Practice (COP), including the banking and insurance sectors, electricity, telecommunications, aviation, and legal services.

In 2018 alone, the office of the PDP Commissioner carried out at least 57 inspections on data users nationwide. Empowered under section 101 of the PDPA 2010, such inspections are meant to promote compliance with the law while trying to correct and improve the practices of data users in terms of processing personal data.


There was one interesting finding from the talk session. All four countries share the view that it is legally necessary for data users to appoint a Data Protection Officer, a specifically designated high-level official to oversee the increasing challenges of data governance. Singapore and the Philippines have this in their laws. The Indonesian draft bill includes this. And the Malaysian government is looking to consider this matter in its ongoing review of the law.

The DPO role is a new blend of skills. Straits Interactive noted that lawyers and IT professionals each account for up to about 30% of the DPOs. Others are business managers, HR, accountants, marketing professionals and others. Therefore there is now an emerging need to somehow standardise the skill, hence the need for certifications. The good news is, this skill is acquirable.

In that Forum, crowded by more than a hundred data users and data protection professionals from Singapore and the region, the demand for this market could not be overstated. It is simply obvious and there to grab.

So the ultimate message we had for all the lawyers, IT professionals and virtually everyone is that there is a blue ocean in front of us now for highly demanded data protection professionals. Let us swim there!


Information Governance and Dark Data Management

By: Sonny Zulhuda

Next week on 7th July 2015. Carlton Hotel, Singapore. The event’s name is Innoxcell Asia Symposium 2015 on Legal Risk, Compliance, e-Discovery, Financial Crime, Corporate Governance and Data Privacy.

I will be speaking on one compelling issue concerning information governance, namely dark data management.

Dark Data (credit: http://www.cio.in)


Techopedia defines “dark data” as “a type of unstructured, untagged and untapped data that is found in data repositories and has not been analyzed or processed. It is similar to big data but differs in how it is mostly neglected by business and IT administrators in terms of its value.”

Dark data is operational data that is not being used. Consulting and market research company Gartner Inc. describes dark data as “information assets that organizations collect, process and store in the course of their regular business activity, but generally fail to use for other purposes.” (Citation from TechTarget).

It was reported in Forbes that this class of data, similar to dark matter in physics, cannot be seen directly, yet it is the bulk of the organizational universe.

The background of this talk is the fact that the amount of operational information, both structured and unstructured, that companies create and store is drastically increasing due to digitisation and mobility. Dark data management has emerged as another challenge for corporate information governance. Under increasing pressure from new regulatory regimes and consumer expectations, corporate data must be well managed if companies wish to survive in today’s information age.

In this session I will explore the nature of corporate information legal risks in the context of Big Data and offer insights on information governance to transform data from a liability into an asset.

For more on the event: Innoxcell Asia Symposium 2015 on Legal Risk, Compliance, e-Discovery, Financial Crime, Corporate Governance and Data Privacy. I will be speaking alongside prominent international speakers, whose details can be retrieved from here.

Do-Not-Call Registry (DNCR) to Protect Personal Data?

By: Sonny Zulhuda

In March, I was featured in The Sunday Star (9/3/2014), which reported on the need to establish a “Do not call registry” to protect people’s personal information. The main issue discussed was to scrutinize an initiative to have a DNCR and its operational and legal challenges. The full report can be found here.


The questions that were posed to me were: (1) How good is the idea of DNCR for Malaysian consumers? and (2) Do you foresee any issues that might arise when they implement this?

Here are my comments:

  • The PDPA 2010, unlike Singapore’s law, neither provides for nor specifically mandates a Do Not Call (DNC) registry.
  • Nevertheless, a DNC registry is an advanced step towards protecting individuals’ personal data, therefore it is highly commendable. It does require a carefully-structured procedure and rules.

Bank and personal data protection: Why care?

By: Sonny Zulhuda

pic from: mortgagechiliblog.com

Contrary to the traditional belief, information is no longer a mere business processing tool. It is now the very asset that has become the commodity of the business itself, more powerful and valuable than any other physical asset. And this is particularly obvious in the financial and banking industries, where the acquisition of personal data and the adoption of information technology (IT) have both transformed the banking industry as well as the associated operational risk management.

The demand to protect personal data in the banking industry comes mainly from two factors. Firstly, consumers are getting increasingly aware of their right to data privacy. The bulk of their data, such as personal and family data, financial information, credit history, employment records, or legal matters, are now the target of many predators who wish to acquire them for their benefit, ranging from unsolicited direct marketing, loyalty program recruitment and credit card applications to malicious intent such as identity theft and fraud (or “phishing”).


ICANN Fellowship – Notes and Nodes

By: Sonny Zulhuda (an ICANN Fellow)

Twenty-three fellows, from twenty countries, of five continents, of diverse backgrounds and affiliations, met and gathered in one room called Morrison in Raffles City Convention Centre, Singapore every morning from 7 to 9, from 19th to 24th June 2011.

Under the mentoring of one passionate soul Janice, they intensively learned about a new world famously known for its administration and management of the world’s Internet, and infamously known for its excessive use of acronyms and abbreviations (wink) — ICANN (well.. the Internet Corporation for Assigned Names and Numbers, that’s it). Uuh.. about the excessive acronyms, thank God they created the portal, see it here. ^_^

The ICANN Fellowship is indeed more than just the dawn meeting routine. In fact, every day of the whole week there were no fewer than a dozen meetings, briefings or discussions, some running in parallel, to ensure the fellows were kept busy. On a few occasions some fellows (like me) tried to make use of the Remote Participation facility to grab two or more discussions at once, which ended unimpressively, mainly due to our basic incapability to follow two things at one time.

But we are all certain that this Remote Participation facility is there not without a reason. There are times where one could not be there but is willing to follow the discussion, retrieve the materials or even ask questions. And that is what has happened, efficiently! Isn’t that awesome?

