Luigi Leonardo

View Original

Privacy 101: Keeping your data to yourself

Privacy is one of those neat, little things in life that you never really notice until it’s been taken away from you. Privacy issues may not be included in global headlines, but they are everywhere. Our own personal details are collected and processed every single day by both known and unknown organizations. Isn’t that a scary thought?

How do we know that our personal lives aren’t placed in jeopardy by all this data collecting? A lost wallet or a stolen password can ruin your day. Placed in the wrong hands, the leak of your intimate details can also be devastating. It’s time to sit down and have a serious talk on privacy and the potential risks it carries.

Jeopardized existence

We live in a world where data is collected from everything that we do: credit card purchases, data usages, Uber destinations. Even something as harmless as a friend asking where you are right now can be a target for social engineering. These nuggets of data are used to tailor-fit and improve services, but people with more sinister agendas can easily manipulate them to their own ends. Where we are, what we purchase, what we believe. The most “harmless” damage these can incur is how companies target and bombard you with pointless ads. Scale it up and you’ve got the potential for identity theft.

Data is a double-edged sword. Our data is collected all the time. Through this, we exist. We are in the system, in the world. Ironically, because we exist, our very own existence is threatened.

Edward Snowden, instigator of the arguably the world’s craziest data leak, proves that a data leak can lead to the ruin of entire governments, whether for good or for bad. And yes, it can be good. Conspiracies can be brought to the light. Wrongdoers can be punished. It’s the ethics of privacy violation that’s iffy.

Handled right, big data can also lead to scientific achievements and human progress. Late last year, data analysis by one Dagupeño successfully ceased all new dengue outbreaks in his home province. That’s only a tiny taste of how the science community has used surveys and observations to solve problems, formulate cures, and expand human knowledge.

With that in mind, the goal is to help the good guys and keep the bad guys out. We can’t stop the data process. It’s how the world works. As individuals, the best we can do is to be mindful how we store and manage our data. Strengthen your passwords. Be careful with whom you share your sensitive information with. Remember: if a person isn’t your friend or part of your family, there’s absolutely no reason why you should share anything about you. (That includes any kind of telemarketer, folks.)

A company’s accountability

Individuals aren’t the only people responsible for our privacy. Companies who handle our data carry the much heavier burden of handling data properly. A data-owning company has the responsibility to properly store, process, and dispose of data. When a company’s data is hacked or leaked, the individuals who trusted the company suffer. An employee could have been careless with how he/she disposed of sensitive data. A black hat hacker organization could have specifically targeted that organization. Whatever the case, accountability falls on the company.

In 2012, the Philippine government created the Data Privacy Act of 2012 to promote both individual privacy and innovation using data. The Republic Act is designed to prevent irresponsible use of collected and processed data. While the Act was created five years ago, Implementing Rules and Regulations was created on August 24, 2016. Its implementation took effect fifteen days after its publication. Companies will have only until September 7th (a year after its implementation) to comply with the regulations set forth in the Data Privacy Act. To aid in its administration, the government has created the National Privacy Commission (NPC).

A compliant organization (with at least 250 employees or 1,000 individuals in its database) is required to have a Data Protection Officer assigned, notarized, and registered with the Commission. Further, the same company should manage its data according to proper privacy principles and promptly report data breaches if and when they occur. If, by September 7th, your data is in the hands of a non-compliant organization, you may be at risk. If required companies haven’t complied by the deadline, they may be looking at substantial jail time and steep fines.

The Data Privacy Act puts a premium on every citizen’s privacy rights. The NPC has wasted no time in calling out organizations who have violated privacy rights since its creation. The headiest recipient of NPC’s admonishing is the COMELEC leak early last year. Deputy commissioner Dondi Mapa estimates the damage of that catastrophic fumble to be at least 2 billion pesos.

Technological support

Private tech companies have also taken an interest in protecting our privacy. Big names in Silicon Valley have proclaimed themselves as stalwarts of privacy rights. Google, Microsoft, and Apple have promised their users privacy in light of recent issues on privacy.

Locally, Microsoft Philippines is promoting its end-to-end solutions to help companies comply with the Data Privacy Act. Their cloud services and on-premises solutions aim to help companies locate and catalog personal data. Their package includes Microsoft Azure, Microsoft Mobility + Security, and Office 365. While they can also assert the security of their own services, Microsoft’s main goal is to aid in a company’s transition. Complete compliance is still to the company’s discretion.

Individually or organizationally, data privacy is a key issue that deserves more attention than it gets. Data solutions are great ways to ensure privacy, but absolute security starts with us. We are the first and most reliable line of defense against attacks on our privacy.

Edited and published in 2nd Opinion Magazine.