Privacy questions ASEAN leadership may want to ask its institutions for 2024 and their ASEAN Community vison 2025
Azim Lakhani
Results Driven Project Manager, Tester Windows 10 to 11 Conversions, Regulatory Compliance, Healthcare IT/HIM, RFID Author
Privacy questions ASEAN leadership may want to ask its institutions for 2024 and their ASEAN Community vison 2025
?Article 5 of 5. asean:? Data and privacy protection in ASEAN – what does it mean for businesses in the region?
ASEAN: Southeast Asia moves closer to economic unity with a new regional payments system. Privacy is the focus and a very small part of the overall solution process.
From Bloomberg – Karishma Vaswani – Japan Time
Privacy, Data Breaches and Fines
ASEAN at this moment, October 2023, does not appear to have ASEAN specific fines for privacy and data breaches.? I was not able to find any specific information on fines and penalties.
Links:
1.?????? ASEAN COMMUNITY VISION 2025
Page 13, Article 7, (ASEAN Political -Security Community)
From: PUBLISHED SUN, JUL 30 20237:00 PM EDT Nyshka Chandran@NYSHKAC
?Summary:
In relation to ongoing and new privacy concerns, it would be presumptuous for us to suggest ASEAN centric solutions. The need is urgent and immediate; however, the greater need is a framework that is open, flexible, and adaptable to rapid implementation.?
The hope is to request questions from ASEAN staff and members states.? It will create an atmosphere of open communication, discussions and more consultations.? Prompting the ASEAN leadership to create strategies that can be implemented.
Privacy is a small and important part of the ASEAN FinTech environment. Implementation of basic privacy principles will be key driver in determining its regulatory compliance.??
?3 benefits of early execution of privacy policies and a leadership focus on ASEAN needs.?
(1)??? Leadership. The ASEAN member country that executes the recommendations from various committees will be “leader country” and the “source of truth”. It will lead in creating templates of implementations, creation of standards, policies and procedures that other countries may use.
(2)??? Implementing privacy practices that are regulatory compliant will save a lot money. Some estimates suggest a 70% to 200% saving in the first year and ongoing savings in maintenance costs.? It may allow singular policies and procedures that are flexible and forward looking.
(3)??? Opportunities. Currently the leadership and direction in cyber security may be based on the G7 or the G20 countries perspectives based on their business and geopolitical needs. The urgent challenge is to cultivate and create a new leadership tooled in an ASEAN perspective to benefit their business and geopolitical needs. Examples are BRIC and the use of local currencies. It may seem strange to include trade and currencies and yet they are part of the privacy equation.
?Introduction to ASEAN for new subscribers.
ASEAN has a population of 634 million, a combined GDP of US$3.6 trillion reported in 2022 and is currently the sixth largest economy in the world with total trade amounting to US$3.8 trillion.
The region’s forecasted annual growth of five per cent sets expectations that it will become the fourth largest economy by 2030. These numbers portray a region that is full of potential.
The ASEAN Economic Community (AEC)
The ASEAN Economic Community (AEC), established in 2015 will allow businesses to capitalize on opportunities in the region as an integrated market with a market reach of over 600 million instead of 10 fragmented economies and lesser impact.
With the AEC in motion, the region is now working towards a new vision - ASEAN 2025: Forging Ahead Together.
?ASEAN 2025 is a forward-looking roadmap that articulates ASEAN goals and aspirations to realize further consolidation, integration and stronger cohesiveness as a community – collectively working towards becoming “politically cohesive, economically integrated, and socially responsible”.
?
Secretary-General of ASEAN conveys ASEAN’s priorities in 2024 to TVRI News? February 22, 2024
Secretary-General of ASEAN, Dr Kao Kim Hourn, discussed opportunities and challenges faced by the region and how ASEAN can maintain its unity, solidarity and cooperation to prosper amidst the current geopolitical landscape.
?Ongoing questions and concerns on direction and applications
Some of the questions asked in 2018 by Mr. Thio Tse Gan for Deloitte SE Asia are still relevant. We now have more foundational questions for organizations like ASEAN to consider.
Privacy, Data Protection and Governance (GRC) questions to ask for 2024/25
The ask of a Privacy Officer of a member country of ASEAN is to think about their country needs in an ASEAN eco-centric environment. ?Some questions to get the process going.
???????? I.??????????? Vision Statement. What is ASEAN’s vison statement for 2024/2025?
a)?????? ASEAN has a vision statement for 2025. On page 13, article 7 under ASEAN Political-Security Community, there is a general vison statement.
b)????? Does your vision statement have additional details and deliverables?
???? II.??????????? Unified Policies. Do your organization’s business operations have the current Privacy, Data Protection and Governance policies for all ASEAN member states?
? III.??????????? ?Privacy Data Collection. What Privacy Data does your business collect? Have the procedures and controls been updated to reflect current changes?
? IV.??????????? Privacy Data Storage. Where does all your Business Privacy Data reside? Is It backed up, encrypted and has deterrents against both institutional and local hackers?
???? V.??????????? Who are your business customers? This is a difficult question to answer. Where do your customers reside and are you sure you are meeting their needs? This question addresses the fact there are multiple ASEAN privacy policies.
领英推荐
? VI.??????????? ?Are your business data and privacy concern the same as the G7 Countries? This is the fundamental question and possibly one that may require long term strategy review and deep thought that are more sociological and cultural.? Are your data and privacy concern the same as the G7 Countries? In the words, are your economic, social, societal and privacy concerns the same as the G7?
VII.??????????? Business Roadmap for the next 5 years. Using the Vision Statement from (i), What are your businesses deliverables to meet current and future needs.
?Ongoing questions and concerns on direction and applications
?Some of the questions asked in 2018 by Mr. Thio Tse Gan for Deloitte SE Asia are still relevant. We now have more foundational questions for organizations like ASEAN to consider.
VIII.??????????? New skilled leadership. Do we have skilled leadership with new tools delivering new knowledge will add to a better an understanding, rapid implementation and the creation of automated applications.
?Privacy challenges from 2018 when GDPR was the “new” compliance standard for business to consider.
Mr. Thio Tse Gan from Deloitte Southeast Asia branch in 2018 had the following thoughts. At that time GDPR was one of the main movers on data privacy thought.
1.?????? New Data Subject Rights – GDPR (EU) Data Portability. Individual rights to access their personal data on request. Rectification of inaccurate data and transfer to another data controller /service provider.
2.?????? Extraterritorial Applications of the GDPR. Appling the EU privacy rules to businesses outside the EU and those businesses must process data according to GDPR guidelines.
3.?????? Maintaining records of processing activities.? Must include an in-depth review and the breath includes a proactive and collaborative approach within ASEAN members. A central register, process with clear roles and responsibilities, risk management to create streamlined processes.
4.?????? Privacy by Design and by Default. A design mandate to have privacy a default setting in the development of any product or service. It includes the protection of privacy to build trust between the customers and businesses.
5.?????? Pseudonymization and its use in profiling.? The use of encryption to translate identifiable parts of personal data to unique artificial identifiers using algorithms, and hide the data linking the identity of the original person. This allows of processing of metadata and improves privacy practices.
6.?????? Security and Breach Notification. Both the controller and the processor are responsible for secure handling of privacy data and breach notifications including record keeping, remedy tickets, daily logs and lessons learnt.
?These are still valid and ongoing issues. In the following 5 years from 2018 to 2023, the challenges to laws, standards, policies, procedures, and implementation tools, deterrent policies and punitive damages have increased.
?The focus of this series of 5 articles is spotlight challenges of data privacy and not government policy.
?Another big challenge of interest to many ASEAN Privacy Practitioners is an impact of Artificial Intelligence (AI).
?A brief introduction of Artificial Intelligence (AI) and its application to Privacy and Data Privacy.
?In an article written by Clifton Dickens for ISACA titled “Artificial Intelligence, Intelligence: The security officer’s role in transforming contracts, culture, and corporate compliance, Clifton write “AI simulates human decision making, not thinking.”? It is different from Machine Learning (ML), Natural Language Processing (NLP, Large Language Model (LLM), and Generative AL (Gen AI).
?AI is NOT intelligence, blind or one click automation, and is fallible. In other words, the privacy officers still have to think, strategize, get stakeholder approval, create standards, policies, procedures and reports. AI is essentially a computer program created by a team of humans to be used to interact with data in manner that us “user- humans”, with all our fallacies and fault deem useful. AI is not business Intelligence (BI) as it stimulates human decision making, once again, thinking is not optional.
?Some of the current threats coming from the misuse of AI are application are Deep-Fakes image creations, creating spoofs and forgeries, covertly listening and analyzing your privacy information and privacy data, studying your defense’s and creating new AI polymorphic viruses.?
Artificial intelligence (AL). We are now moving away from spreadsheets to dashboards and platforms. The next frontier is at hand with Artificial intelligence (AL).
a)?????? The challenges remain and are more deadly. Small, state owners and malicious groups of hackers are now more creative.
b)????? They work outside state and international laws to disrupt and create havoc. Large and small law-abiding institutions are slower to respond and that allows these “hackers” to flourish. Local laws or lack of may be impending mitigation.
?I will be exploring this in a series of articles later this year (2024.) We will explore how to use AI to assist in creating privacy standards, policies, procedures and best governance practices.
?If you find this series of detailed analysis useful, please let me know with comments and suggestions.
?Footnote
Examples of new leadership
ASEAN CHIEF INFORMATION OFFICER ASSOCIATION?: “Unite, Innovate, Lead - Forging the Future of ASEAN’s Tech Landscape” 16th - 18th Jan 2024 (Bangkok)” Fruitful and energising annual ACIOA kick off meeting to discuss and align ACIOA missions and strategies to bring value and impact throughout ASEAN and beyond. New ACIOA Executive Committee (EXCO) line up lead by President?Hoo Ming Ng.
President: Hoo Ming Ng
Co-Founder, Emeritus President: Chaicharearn Atibaedya
Co-Founder, Strategist and Global Relationship Officer:?Hong Sin Kwek
Chapter President - Cybersecurity & Governance:?Dr Carrine Teoh Chooi Shi, CISSP, CBCP
Chapter President - Green & Sustainability:?Seong Wah TOH
Chapter President - Digital Transformation & Digital Leadership: Monysival TE Chapter President - AI, BlockChain and Robotic Chapter:?Kwok Yan Lam
Chapter President - Digital Youth & Entrepreneurship:?Jayren Teo 张健荣
Chief Communication Officer:?Audrey McGagh
Chief Legal Advisory: Chayatawatch Atibaedya
Advisory, FSI Sector:?Kitti Kosavisutte
Advisory, CII:?Yoke Sin Chong
Advisory, Laos: Phoukhong Chithoublok
Timely meeting as we unite and strengthen our bonds. Looking forward to work together to bring?ASEAN CHIEF INFORMATION OFFICER ASSOCIATION?to greater heights. Mel Migri?o 梅尔?Terence Siau #ASEAN?#ADM2025?#unite?#strategies?#tecnology?#digitallife
My apologies as this final article took a long time and I look forward to hearing from you with your advice on how to improve and your ideas and suggestions for additional content
#PMI #IAPP #Fintech #Japan times #Ray Domingo #AKDN #Dr Kao Kim Hourn #TVRI News Azim Lakhani #Chaicharearn Atibaedya
?