I sat down with my Data Privacy Officer for lunch and asked a few key questions, which I think we all (as professionals and business owners) need to know right now, in order to get -and stay- in compliance with these new laws. I asked:
- What is ‘Data Privacy’ all about –really?
- Does it affect my business?
- What is the first step I need to take to get into compliance?
- Why is this a law or legislation?
- Is this just for the Philippines –or the country I do business in?
- How do I get a DPO (Data Privacy Officer)?
- What if I have cameras throughout my business?
- How can I lessen the data issue risk in my business?
- Why is this good for my business?
- Cyber Crime, Cyber Security and Data Breach, what’s the difference?
Consumer and citizen protection is the newest and hottest global topic right now. It is also at the core of the world’s biggest-emerging new industry and job market.
Since 1990; when computer scientist Tim Berners-Lee invented the World Wide Web and the ‘Computer Programmer’ or Geeks were taken mainstream -and got rich along the way, no other industry has had such a global impact. As the world of business scampers to level-up to this new, lucrative, borderless, information-tech-data world we are all living and benefiting from, the world is now seeing just how powerful the internet truly is.
I sat down with my Data Privacy Officer for lunch and asked a few key questions, which I think we all (as professionals and business owners) need to know right now, in order to get -and stay- in compliance with these new legislations. I asked:
Data. No matter where you are in the world, if you are doing business, then more than likely, you are doing some part (if not all of it) on-line, and data privacy is the newest regulation that everyone is talking about. All sectors; from global corporations, to boutique resorts, hotels, gyms, hospitals, call centers, BPO’s and doctors’ offices, as well as, on-line selling and even local government offices and foreign governments [outside the United States and the West], everyone is affected.
Top Risks. Specifically, schools, hotels, resorts, banks, online businesses, professional practitioners, hospitals and clinics are at the top of the list of businesses which MUST abide by Data Privacy Laws. The reason is because of the inherent traffic and high numbers of customers/guests/patients they handle on a daily and annual basis –both online and in person. Such as, personal, sensitive and private data, like real names, marital status, credit information, surveillance video, birth dates, social security numbers and medical status. Therefore, at minimum the policy and procedures of the business must be explicit in regards to their data privacy policies.
The Philippines. But, if you are in the Philippines; one of the data, text and social media capitals of the world, then, data privacy is a huge business innovation which has changed the way business is done in the country. Just a decade ago, many banks in the Philippines were still using manual calculations, paper accounting, and contracts. No longer are the days of paper trails, password sharing, data breaches, data hacking, selling and loss acceptable.
Thanks –or no thanks- to massive hacks and selling to 3rd parties by mega US companies like Google, Equafax and Facebook, foreign governments such as Russia and Saudi Arabia, media and corruption giants like Jeff Bezoz vs. The National Inquirer [AMI US], nearly every company in the world now must comply with data privacy laws –in and outside of the country in which they do business.
To get an understanding of what data privacy is all about; along with The American Press Service (T.A.P.S.), I took my friend Joel Tiongson, one of the first Accredited Philippines Data Privacy Officers (DPO’s) to lunch in his hometown of Bulacan, Philippines at Amigoo’s Steakhouse. Joel enjoyed the Prime Rib, while I had the Spicy Chicken Wings and a Amigoo’s Signature Margarita.
THE 10- BASIC DATA PRIVACY MUST-KNOWS
1. What is ‘Data Privacy’ all about –really?
DPO: ‘Data Privacy’ is a right of all citizens. It is the right to be left alone if they would like to be, just like no trespassing or ‘breaking and entering’ or burglary of someone home or business is illegal and common knowledge. Someone can simple say ‘…don’t come to my house!’ and if you do, you have ‘the right’ to call the police, press charges or even kill an intruder legally. Now, people are looking for more protection when it comes to their basic, personal, medical, financial and critical data.
2. Does it affect my business?
DPO: Yes. It affects nearly every business on the planet. First of all we are all global citizens, and can also be at risk of data harvesting and misuse. As well as, entrepreneurs, business owners, employers and salespeople, you gather information which needs to be protected and used for the agreed reason in which it was given to you. At the least, informing customers and staff of the data you collect is needed.
3. What is the first step I need to take to get into compliance?
DPO: The first step should be researching and educating yourself from all the data privacy information on-line. Perhaps then consulting with an international business development group such as KA&CO America [www.KareemAntonio.com] to see how it may affect your business overall. Or, if your business is based in and doing business in the Philippines, it’s the Data Privacy Commission [www.Privacy.gov.ph/data-privacy-act] which regulates and can give insights. Then, having a conversation with a Certified and/or Accredited Data Privacy Officer like myself, is the best first action step. We can get you on the right track.
4. Why is this a law or legislation?
DPO: Technically, it is a ‘right’ which was made a law or piece of legislation to enforce the rights. It is an opportunity to embolden marketing and customer confidence for companies who have been already taking steps to protect customer info, data and who have not been mishandling the data. Customers eventually will only support companies who can express good service and data privacy standards. Like customers who choose the safest banks, or FDA approved products, BBB Member companies or organics; now, Data Privacy Conscious companies will be the new standard.
5. Is this just for the Philippines –or the country I do business in?
DPO: It is a wave from the West, just as the Information Age wave came from the West, and the world is now interconnected, digital and a global market place. Data Privacy itself has been around since the workable prototype of the internet was created by ARPANET in the late 1960s, originally funded by the U.S. Department of Defense as a way to gather intel and to communicate globally with multiple assets. The legislation applies to every citizen and nearly every country. For example: A decade ago, in the US, if you worked at a call center doing sales or debt collection, and you would call out of state, you had to know and abide by that states’ calling, harassment and solicitation laws. Today, companies which do business globally, are required to comply with those countries’ Data Privacy Laws.
6. How do I get a DPO (Data Privacy Officer)?
DPO: After you have talked to a business development company, they can give you some great advice. Then, if they have a DPO, or there is a law firm with a DPO, you can retain someone like me to go through and assess your business initially. Simple innovations such as, limited employment applications, privacy statements on your websites, emails, and video cameras, just to name a few. Additionally, the updating of inter-company data sharing, websites and customer information can be simple things to initiate immediately.
It all starts with a consultation, and then, usually, an upper-level management one-on-on, eBook tutorial, seminar or summit where the DPO Consultant can discuss the topic and how it may affect the business.
7. What if I have cameras throughout my business?
DPO: Well, that is very common in the Philippines, even at the smallest businesses, homes and even in public areas such as neighborhoods, street light crossings and high traffic areas.
In the business, you must have a Privacy Notice of some kind, which starts with a conversation as to why you have the cameras, how the images are viewed, used, stored and disposed of. Ultimately, businesses have rights also, and a responsibility to monitor and conduct oversight; the customers and employees have first right of refusal. But, they must be made aware.
8. How can I lessen the data issue risk in my business?
DPO: Simply limit the data you request. Many of the companies which I have come in contact with, or manage, use outdated data gathering means and paper-based storage techniques.
For example: in today’s ‘equal-opportunity’ employer culture, there is no need to ask 50% of the questions which are asked on many applications. Questions such as marital status, sex, religion, health and even age are outdated and not needed in most of today’s job markets. So, why do companies still ask? It’s the gathering of sometimes discriminatory, ‘un-needed’ and now, ‘private’ data. Also, having paper disposal, shredding, or purging process, time and central location is a great thing to have in place.
9. Why is this good for my business?
DPO: The law has been in full-affect for just a few years –technically. But, the value of privacy has always been valued by customers, consumers and citizens at-large. Companies who have initiated and maintained, great service, business and quality standards are hailed by consumers and typically more profitable; an ISO Certification for example should be a base standard not the goal.
Just as now, Data Protection Legislation is the low bar and should be the base. Companies who adopted ‘customer privacy’ and ‘security protocols’ early, not only set the standard for today’s data privacy, they also have a huge marketing advantage over their competitors who did not. Millions of consumers, look for ‘privacy’ logos, clauses and ratings before they enter their data into forms, click links, pay on-line, or support physicians, purchase hardware, software, and so on.
10 . Cyber Crime, Cyber Security and Data Breach, what’s the difference?
DPO: They are all related since they can all be done on-line. Technically, in simple terms, ‘cyber’ typically relates ‘citizen to citizen’. Such as, posting a demeaning video on-line or stealing someone else’s identity. While ‘data’ usually are taken by companies, entities, institutions and governments; often unknowingly by the ‘data subject’ or individual.
For example: Many companies use that data to save time in processing, to conduct market studies and to enhance their service standards, such as website ‘cookies’ are. While others, may have used it for discriminatory practices; like hiring practices, or sold the data; such as a hospital (or rogue physician or clerk) selling patient data to drug companies, while others simply would throw paperwork and records in the trash.
What an informative lunch it was. I got great insights from my Data Protection Officer and had a delicious lunch at the same time.
Like most of us have benefited, gone global, outsourced, stream-lined, reached the global market, gained millions and millions of views, published digitally and gathered data from potential customers from around the world in every language, in real-time.
Find out if your company is maximizing this information age, on-line global market and if your company is handling the data properly and professionally.
Take a DPO to lunch.
You may also contact the international business development specialists at KA&CO America, just visit www.KareemAntonio.com to find out how you can level-up your business.
Joel Tiongson is an IT Guru, Chief Information Officer, an entrepreneur. and one of the few Philippines Accredited DPO’s. His insights here are basic and merely an introduction to the Data Privacy issue and how it affects you.
You may book your “Lunch Date with a DPO”, or book a company session below.
I WANT IT! You can reserve your copy of the DATA PRIVACY 101 eBook now for just $20.00 USD. You will be amongst the first to enjoy full-access when it comes available plus+ access to the video tutorial (worth $249.00 USD) absolutely FREE as a gift from us for reserving early. We will also give you 20% OFF the DATA PRIVACY 101 Q&A Online Seminar when it rolls out this fall.
COUNT ME IN!