MANAGEENGINE, a technology company, said that the right systems need to be in place to ensure that the country’s data privacy policies are adhered to, amid fears that the data collected for coronavirus analysis could be later used for surveillance purposes.

“Businesses need to implement responsible data collection and processing practices to remain compliant with data privacy regulations,” Rajesh Ganesan, vice-president of product at ManageEngine, told BusinessWorld in an e-mail interview.

“Organizations need to incorporate methods to monitor and record numerous aspects of their operations, such as employee data, financial transactions, and network logs, to demonstrate conformance,” he added.

The implementing rules of the Data Privacy Act require the National Privacy Commission to manage the registration of personal data processing systems in the country. Ethical hacker Allan Jay “AJ” Dumanhug told BusinessWorld in a recent interview that many startups appear to be unaware of the law, which is why the government should penalize those that violate it, or else these lapses will persist.

“Even organizations with a strong focus on regulatory compliance struggle to keep up with the list of requirements owing to regulatory uncertainty, insufficient visibility, stringent enforcement actions, and changing technological environments,” Mr. Ganesan said.

He noted that a major concern that has emerged over the last few years is managing the large-scale collection of personal data.

“The pandemic offers a clear example of this: Contact-tracing cloud applications were… utilized to combat the coronavirus pandemic, and these store personal data that could be compromised by sophisticated cyberattacks.”

“While data analytics has played an undeniable role in studying the spread of the infection, it is imperative to monitor how organizations are processing the data collected from mobile phones, health screening apps, and more,” he also noted.

He said that the best practices for businesses to achieve compliance include forming a governance, risk, and compliance team; integrating compliance-related activities across departments; and developing compliance dashboards that show teams’ risk management and audit readiness.

Mr. Ganesan also outlined cost-effective strategies for ensuring data privacy and cybersecurity without breaking the bank, including building a robust risk management framework, training employees on regulation and compliance, and developing mechanisms for escalating regulatory and compliance issues directly to upper management. — Arjay L. Balinbin