MANAGEENGINE, a technology company, said that right systems need to be in place to ensure that the country鈥檚 data privacy policies are adhered to, amid fears that the data collected for coronavirus analysis could be later used for surveillance purposes.

鈥淏usinesses need to implement responsible data collection and processing practices to remain compliant with data privacy regulations,鈥 Rajesh Ganesan, vice-president of product at ManageEngine, told 大象传媒 in an e-mail interview.

鈥淥rganizations need to incorporate methods to monitor and record numerous aspects of their operations, such as employee data, financial transactions, and network logs, to demonstrate conformance,鈥 he added.

The implementing rules of the Data Privacy Act require the National Privacy Commission to manage the registration of personal data processing systems in the country. Ethical hacker Allan Jay 鈥淎J鈥 Dumanhug told 大象传媒 in a recent interview that many startups appear to be unaware of the law, which is why the government should penalize those that violate it, or else these lapses will persist.

鈥淓ven organizations with a strong focus on regulatory compliance struggle to keep up with the list of requirements owing to regulatory uncertainty, insufficient visibility, stringent enforcement actions, and changing technological environments,鈥 Mr. Ganesan said.

He noted that a major concern that has emerged over the last few years is managing the large-scale collection of personal data.

鈥淭he pandemic offers a clear example of this: Contract-tracing cloud applications were鈥 utilized to combat the coronavirus pandemic, and these store personal data that could be compromised by sophisticated cyberattacks.鈥

鈥淲hile data analytics has played an undeniable role in studying the spread of the infection, it is imperative to monitor how organizations are processing the data collected from mobile phones, health screening apps, and more,鈥 he also noted.

He said that the best practices for businesses to achieve compliance include forming a governance, risk, and compliance team; integrating compliance-related activities across departments; and developing compliance dashboards that show teams鈥 risk management and audit readiness.

Mr. Ganesan also outlined cost-effective strategies for ensuring data privacy and cybersecurity without breaking the bank, including building a robust risk management framework, training employees on regulation and compliance, and developing mechanisms for escalating regulatory and compliance issues directly to upper management. 鈥 Arjay L. Balinbin

RELATED ARTICLESMORE FROM AUTHOR