In recent years, high-profile data breaches have thrust the issue of data privacy into the public eye. Massive leaks of sensitive information from major corporations and institutions have raised questions about the adequacy of existing safeguards. The exposure of personal details, financial records, and even medical histories has sparked a growing awareness of the need for stringent data protection measures.
As the global community celebrated Data Privacy Day last January 28, these issues have become especially relevant to remind the public that protecting personal information and building a safer, more secure online environment is imperative in an increasingly interconnected world and the advent of AI and emerging tech.
“Effective data security revolves around implementing protective measures at every stage of the data life cycle: from collection to utilization, and finally, storage, deletion, or archiving,” said TeamAsia Data Protection Officer Jeff Enriquez. TeamAsia is a 31-year-old integrated marketing agency in the Philippines with key clients in tech, IT-BPM, and other industries.
“Data security is about enforcing policies, restricting access, managing and updating records, and upholding Data Subjects’ rights,” he added.
With Enriquez’s vast experience in the industry and as the IT and Tech Capabilities Director, he plays a crucial role in ensuring TeamAsia’s compliance with regulations and safeguarding individuals’ privacy. Among his responsibilities are regularly assessing and monitoring TeamAsia’s compliance with data protection laws and internal policies; and providing training to employees to ensure awareness and understanding of such regulations and protocols.
Collective effort
But the road to securing and protecting data has not always been easy. The vulnerability of data security is a multifaceted challenge, with human negligence often emerging as the weakest link, according to Enriquez.
For instance, during event registrations, the misuse of data during collection introduces a layer of susceptibility. While data is gathered with a specific purpose, unforeseen circumstances such as evolving project requirements or the loss of company equipment like a laptop or phone may lead to unintentional usage of data beyond its intended scope.
This is the reason why organizations like TeamAsia actively invest in training their personnel across multiple platforms. Last year, the company shared tips for employee cybersecurity while this year, Enriquez said that they will focus on discussing data protection policy and how it can be translated to TeamAsia’s daily operations.
In addition to training, he said that the company conducts regular audits of its databases.
Multifaceted measures
In further pursuit of robust data protection practices at TeamAsia, Enriquez addressed multifaceted challenges ranging from misconfigurations to sophisticated cyber attacks. The company’s approach to data security is structured into three distinct categories: physical and technical measures, and organizational security.
He explained the physical measures, “We safeguard critical documents such as printed resumes. Trained individuals in the company are responsible for securely storing these items in designated, access-restricted locations. The implementation of locked cabinets and paper shredder compliant with NPC requirements add an extra layer of security.”
Technical measures involve anti-virus software, firewalls, and prudent connectivity practices. Adhering to policies discouraging the use of open and public Wi-Fi connections, and advocating for secure hotspots or established networks contribute to a resilient defense against potential cyber threats. In addition, stringent access controls and close monitoring of third-party access enhance the overall security posture.
“The adoption of AI policies, data protection policies, and encryption protocols for websites further fortifies the organization’s defenses,” added Enriquez.
Meanwhile, organizational security is reinforced through the establishment of comprehensive policies including IT and social media guidelines and budget allocation dedicated to sustaining robust data protection measures. Also part of the organizational security is the Work Anywhere Setup Policy and the DPO Certification from National Privacy Commission accredited training providers.
“Businesses should allocate resources towards enhancing data security, including investments in training and workshops for their personnel. In TeamAsia, regular awareness campaigns and updates on evolving cyber threats during organizational calls underscore the company’s proactive stance in navigating the ever-changing landscape of data security,” he said.
Enriquez added, “There is a common misconception that places the IT team as the sole authority, but in reality, data security is a collective effort where each individual holds a significant role and obligation. It has always been a team effort.”
Read also
In line with the celebration of Cybersecurity Awareness Month this October, NCC Group reaffirmed its…
From cheers and kanpai to geonbae and tagay, add now prost to your list of…
UNICEF, together with the Council for the Welfare of Children, the National Economic and Development…
“Divorced, beheaded, died/Divorced, beheaded, survived.” Who knew that a musical that starts off with this…
Tucked away in the bustling streets of Palatiw, Pasig, ChellyRobert offers a surprising variety of…
As My Dream In A Shoebox (MDIAS), the annual education campaign led by strategic marketing…