Data collection has become an integral element of modern life. Every day, people are generating valuable data through online buying and purchase behaviour, social media interactions and the use of smartphones for various services such as booking a ticket or just making payments to someone. There is ambiguity with the utilization of these large chunks of data by enterprises.
However, one aspect that we have seen is that the use of technology has enabled ‘specific ads targeting’ with the use of this sensitive data by enterprises. It is fair to say that with the recent advances in AI (Artificial Intelligence), ML (Machine Learning) and Data Analytics the way data is collected and utilized has become more focused and strategic. This begs the question – What is the role of companies and corporate governance in safeguarding the citizens? What is the current framework in the data protection and privacy domain?
Facing this scenario, many organizations are now considering how they should best approach corporate governance to protect citizens' data. Corporate governance is not just about creating rules; rather it is about implementing strong practices that will safeguard people's data against misuse and espionage by third parties.
The first step to safeguarding citizens' data is to make sure that all relevant policies are aligned with GDPR standards. The second step is to make sure that you have procedures in place for all key areas including protecting digital assets and developing cybersecurity.
Data has been a hotly debated topic in recent months with several cybersecurity consultants and think-tanks pointing out that the recent MEITY (Ministry of Electronics and Information Technology) draft of data protection might not be enough to safeguard the interest of the citizens. For corporations as they weigh in the newly drafted data privacy and protection framework, most of them are working on ways to balance data privacy and security with being innovative and accountable.
Typically data needs to be protected from both external attacks as well as from internal corruption. To have a robust system to safeguard sensitive data three pillars need to be secured: Data Governance, Data Security, and Data Management
While Governance includes mechanisms to safeguard data collection at the source, it also includes establishing guidelines on establishing who can access it and the tenure of the information/data to be stored and archived.
For a successful Corporate Governance policy to be incorporated within an organization, the first step is to realize that the entire process of drafting the policies, maintaining checks and balances, and implementing them towards Corporate Governance is directed towards its stakeholders. This includes the framework for managing risks, following regulatory standards and principles about how company is run and all the future contingencies from the perspectives of the stakeholders.
The next step is to examine what governing bodies do to safeguard and protect citizen’s data. Many governing bodies ensure that companies abide by data-protection laws like GDPR (General Data Protection Regulation). One way they regulate this is by providing sanctions for noncompliance with the law; another way they enforce it is by providing terms and conditions.
The final and the most important step is communication and transparency. It is imperative that the company not only follows the rules and compliance but also ensures that they are communicating and remaining transparent about their practices with their customers, shareholders, government, and the public at large.
To summarize, Corporate Governance amongst enterprises should work like clockwork and not on a catch-up basis to the government policies and framework. The responsibility to safeguard the data and privacy of citizens lies with the government, the companies, and the decision-makers in the industry. Till we adhere to the fact that ‘Data Privacy is Sacrosanct’ enterprises will always play catch-up and do the bare minimum. With the right attitude, it’s a win-win for all.
The article is authored by Ankit Saraiya, Director & Head- Data Centre Business, Techno Electric and Engineering Co.