It is apparent that Asia has the potential to both fast track its evolution and even overtake where Europe is right now in terms of privacy. Europe stands at a crossroads with its General Data Privacy Regulation (GDPR), which will revolutionize the role of the Chief Privacy Officer. The privacy role is critical in an organization, and we need to embrace that opportunity.
In Asia there is continual talk about the Internet of Things, Internet of Everything, Big Data, Cloud, Artificial Learning, Artificial Intelligence, Machine Learning. All these areas are driving quite serious questions around privacy. The privacy professional has to come up with the goods – they can’t just sit there and be able to recite the rules, as they did in the year 2000. The choice for privacy professionals and especially the Chief Privacy Officer is whether to take on this challenge in a passive way or an active way.
Ethical treatment of data is going to become increasingly important. We are already engaged as privacy professionals in considering what should be done with data, rather than simply what could be done with data, which is what data ethics is all about. The ever present risk is that we limit ourselves with a focus purely on regulation, on the programs for protection of data and information security. It’s not an ‘either / or’ proposition – the future privacy professional has to be able to focus on regulation and ethics in an active way. And the Chief Privacy Officer will have to lead the way as we as privacy people are steeped in notions of ethics, fairness, transparency, consent, purpose, limitation and accountability. These principles need to be explained to the stakeholders in the business – including senior management, revenue generators and IT professionals.
It’s important to note that it’s not inevitable that the Chief Privacy Officer and privacy leaders will become the arbiters between the individual and the corporation. It’s not inevitable that we will start to engage with other questions around data ethics and how data should be used in organizations. This could go to other people within an organization. It could go to the Chief Data Officer, the Chief Information Officer, or the Chief Marketing Officer. All these stakeholders already have opinions on these areas.
At a crossroads
In Europe right now, they are at a turning point because the mandatory Data Protection Officer role as the data privacy regulations will create 28,000 mandatory DPO roles. Same as in the Philippines they don’t have those people, so we’ve got to find them. We’ve then got to work out how that function works.
We have a choice. I very much hope that we still carry on this trend of DPOs being more engaged, bigger picture, and involved in data ethics and challenges. However, my fear is that we’re going to see a resource shortage of DPOs within Europe and the Philippines and a regression to people training up purely just to have this box-ticking role. It’s a very exciting world in which to be a privacy practitioner within Asia.
And while we still ponder the crossroads and where to find a DPO, we have to bear in mind that the Philippine Data Privacy Law is very demanding and that data breaches can be very expensive for companies that don’t have security measures and data security staff in place.
The European Innovation, Technology and Science Center Foundation (EITSC) – in partnership with data privacy and IT experts – will run workshops on Data Privacy Compliance and will train DPOs. If you are interested to join, contact me at firstname.lastname@example.org.
by: Henry J. Schumacher