SHARE
SCB EIC ARTICLE
17 พฤษภาคม 2017

Walking a regulatory tightrope on data privacy

Over the weekend, computers worldwide have been hit by a cyber-attack of unprecedented scale. The malware, known as WannaCry, holds your data hostage until a ransom is paid. What has transpired in such a short period of time demonstrates fragility of data protection and risks associated with this technology. Public fear and anger stirred by the event could bring about changes that hinder future innovators, unless a middle-ground solution is established.

Author: Sutapa Amornvivat, Ph.D.

Published in Bangkok Post newspaper / In Ponderland column 17 May 2017

 

GettyImages-653137674.jpg

 

Over the weekend, computers worldwide have been hit by a cyber-attack of unprecedented scale. The malware, known as WannaCry, holds your data hostage until a ransom is paid. What has transpired in such a short period of time demonstrates fragility of data protection and risks associated with this technology. Public fear and anger stirred by the event could bring about changes that hinder future innovators, unless a middle-ground solution is established.

 

Among the new wave of technologies that make its way into our everyday life, many are made possible by big data technology. New knowledge in the field of artificial intelligence and data analytics allow us to harness the power of data we have never used before such as texts and speech.

 

As companies, giant corporates and start-ups alike, start to amass a huge amount of data, privacy becomes a major concern. In this connected world, nearly everything you do leaves a digital footprint behind. Stepping into a store, your steps and turns can be tracked. The store can then analyze video image to see your behavior, facial expression, or even body temperature. The goal is arguably well-intended to improve services for the customers.

 

As of recent, incidents related to privacy protection and data breaches have been cropping up and spooking the public of what might happen to one’s private information. Just last year, an employee in a Thai company sold sensitive information of a customer, resulting in a stalking case that threatened the customer’s life. Other possible outcomes of a breach could range from just annoying phone calls to harassment to identity theft.

 

The question is therefore how to address this privacy issue without hindering technological progress. As the digital revolution marches on, data being collected are expanding at an exponential rate. A delicate balance between privacy concerns and firms’ ability to better serve customers becomes harder to achieve.

 

A large part of this burden falls in the hands of regulators to strike such balance. The trend indeed gears towards tightening restrictions around data use to protect consumer rights. At the beginning of 2018, the EU is rolling out its new General Data Protection Regulation (GDPR) to tighten grips on privacy protection. The laws will add requirements of firms to report incidents of data breaches as well as harden penalties for firms. Amendments to privacy laws in Australia that took effect in 2014 also ramped up punishment.

 

Thai regulators too are catching up with a set of laws called Personal Information Act that are now under the legislative process. The laws have been in development for longer than a decade with a draft released since early 2015. Despite some criticisms, subsequent drafts improved significantly—taking into consideration the voices of the people from public hearings. A new draft that will soon be released is expected to meet international standards as it will be based on the APEC Privacy Framework, APEC Cross Border Privacy Rules, and OECD Guidelines.

 

During the development of the new laws, much discussion revolves around getting consent from people such as explicit consent for data collection, data processing, and disclosure. This is undoubtedly important in its own rights.

 

But consent alone does not protect customers. What needs to be discussed more is the very objective of such public policy: how to ensure that those handling private data are not misusing it and that they have proper measures to prevent the data from falling into the hands of ill-wishers.

 

Setting too much restrictions around data collection could make it costly to use data at all—for the good and for the bad. This will impede growth of data-driven innovation. It will hurt smaller companies like start-ups more so than large corporates who likely have resources and the economies of scale to work around certain legal barriers.

 

Rather, regulators should target their resources on stopping the misuse of data to tackle the root cause of privacy concerns. Setting incentives right for companies to be cautious in handling private data such as penalties for data breaches is one example. But this will only deal with the incurred damage. A more proactive approach taken by Australia’s authority is to set standards for companies to invest properly in their IT security and staff training to prevent breaches from happening at all.

 

Another issue to keep in mind is the nature of the networked world whereby country borders are barely relevant. Indeed, a huge amount of our data is already being stored and processed beyond physical border of Thailand. While curbing data abuse, the new laws ought to be flexible enough to let domestic companies learn about their customers to improve service quality. These improvements by individual firms combined lead to higher productivity that benefits the entire society. In this light, the regulations should at least aim to provide a level playing field for Thai firms against foreign counterparts. Otherwise, we will be forever playing a catch-up game in terms of competitiveness.

 

Aside from the government, businesses should show commitment to instill trust in the public. By maintaining IT security standards in handling private data and appropriate data governance that dictates who can access what to increase accountability and transparency, businesses can ease the public’s fear. Consumers should help too by being mindful when giving up data in exchange of services so that data do not fall into the wrong hand.

 

Overcoming these hurdles will pave way for future innovations and discoveries through the use of big data. As we wait for the next breakthroughs that could propel us from this prolonged period of sluggish productivity growth, we should make sure we are not blocking its way.

ธนาคารมีการใช้เทคโนโลยี เช่น คุกกี้ (cookies) และเทคโนโลยีที่คล้ายคลึงกันบนเว็บไซต์ของธนาคาร เพื่อสร้างประสบการณ์การใช้งานเว็บไซต์ของท่านให้ดียิ่งขึ้น โปรดอ่านรายละเอียดเพิ่มเติมที่ นโยบายการใช้คุกกี้ของธนาคาร
ยอมรับ