Five Data Protection Trend Predictions for 2022 - Webinar Summary

Straits Interactive and DPEX Network presented this webinar on 12 January 2022, as the impact of the COVID-19 pandemic continues to be felt all over the world. In this session, the panellists peered into the crystal ball to discuss what is the future of data protection and how it will affect you and your organisation.

This year, ASEAN’s founding members are expected to have more data protection laws put in place. With China having enacted its Personal Information Protection Law (PIPL) last November and India expected to introduce its own data protection law after years of deliberation, the entire region is pressing the reset button on data privacy. 

As questions arise about the Omicron variant and its impact, as well as the advent of new technologies due to accelerated digitalisation, what does this mean for the region and in our local context? 

During the session, which focused on key trends arising from continuing work-from-home (WFH) arrangements, employee surveillance, and the growing demand for data protection officers, Kevin Shepherdson, CEO, Straits Interactive, moderated a panel discussion with the following speakers:

• • Dr Fetri Miftach, Co-founder and Director at Xynexis International, a pioneer in security assurance service in Indonesia; Dr Miftach has been working closely with the authorities on the upcoming data protection law there
• • Edwin Concepcion, Head of DPaaS and Country Head for Straits Interactive in the Philippines
• • Lyn Boxall, Director of Lyn Boxall LLC, a Singapore law firm specialising in data protection/privacy

To watch the webinar in full, please sign up to be a DPEX Network community member, log in and visit the Resources > Videos section on www.dpexnetwork.org.

Breaches related to COVID-19 apps and digitalisation are ongoing

During the panel discussion which touched on data breach incidents that have plagued some contact tracing apps, and healthcare record systems, Dr Miftach highlighted the dilemma facing authorities, such as those in Indonesia. 

“When the pandemic hit, the government was scrambling to not only provide health services needed, but also had to provide a system that could not only trace but monitor people’s movements and the number of cases,” he said.

By prioritising convenience in processing large amounts of data, they ended up with a very integrated infrastructure. However, security measures were lacking and not included by design, hence a data breach led to the government disabling the app. “Unfortunately, they put security in second[ary] priority,” said Dr Miftach.

Data privacy legal specialist Boxall called herself “risk-averse” and said that vulnerabilities in contact-tracing apps will make her think twice about using her regular mobile phone on future travels. “If I have to download these apps for every country I’m visiting, I’m going to buy another mobile phone, one that doesn’t have my banking apps on it.”

“If I was a ‘bad guy’ thinking, ‘how can I get into people’s personal data?’, I would try to put malware into unsecured contact-tracing apps,” she said.

The panel also discussed the rising incidence of cyber attacks, the sophistication of deepfake technology and continued pressure on Big Tech companies from data privacy authorities as they pivot towards business models based on virtual worlds in the “metaverse”.

Work-from-home monitoring raise serious concerns over privacy

Shepherdson opened up the discussion on continuing work-from-home, or WFH, arrangements that may see a growing reliance on employee surveillance software, some of which may behave in highly intrusive ways by taking screenshots and recording other personal data, to check on the employee’s productivity.

“I call this the ‘Don’t watch Netflix’ Employer Syndrome,” he said. “You need to take this surveillance into account as part of your data protection and privacy practices, as many employers may be concerned whether you are really doing work at home.”

Concepcion shared that in the Philippines, such surveillance was already prevalent prior to the pandemic. “At my previous employment, myself and other employees had to provide our fingerprints, have their photos taken and key in their employee ID codes every day,” he said. “So there’s definitely a lot of monitoring and even CCTVs installed to watch the workstations.”

Continuing interest in data privacy certifications and strong demand for DPOs

With privacy trustmark certifications an option for organisations in Singapore and the Philippines, and the expected implementation of new data privacy laws in the region, the panel discussed the continuing interest in certifications for both organisations and individuals.

A strong demand for DPOs has been fueled by laws, such as in China and soon in Indonesia, that call for mandatory appointment of DPOs. In the aforementioned territories, the expected demand could be in excess of 500,000 DPOs in China and another 150,000 in Indonesia.

To learn more about data protection and to get certified, please visit the Courses page on www.dpexnetwork.org. 

Some of the questions asked during the webinar, and addressed during the question-and-answer session that followed the panel discussion, include:

• • What are examples of dangerous and excessive permissions in apps?
• • With extended work-from-home arrangements, should an organisation focus on cybersecurity before data protection – or the other way around?
• • Is there a certification programme (outside of China) for DPOs working in China?
• • What resources are available to help organisations understand corporate certification requirements and perform a gap analysis?
• • How does ISO 27001 compare with the Data Protection Trustmark?

To watch the webinar in full, please sign up to be a DPEX Network community member, log in and visit the Resources > Videos section on www.dpexnetwork.org.

Article by: Yong Shu Chiang and Kristine Larissa Yu