BusinessWorld Special Features Writer

Filipinos today are among the most wired populations in the world. In fact, UK-based consultancy firm, We Are Social, recently ranked the Philippines first in terms of social media usage, three years running.
According to their study, the 67 million Filipinos online today spent an average of almost four hours a day on social media alone. That data uploaded and gathered per person numbers in the gigabytes (just think about how many selfies you bless your feed with every day).
Placed in the context of one of the world’s fastest growing economies, thanks to industries like business process outsourcing (BPO), that level of data output makes the Philippines a pretty attractive target for cyberattacks.
Last week, Harriet Green, chairman and CEO of IBM Asia Pacific, shared her insights on the responsibilities of individuals, enterprises, and the government in safeguarding that data security.
Here are five things you need to know about securing your data:

Every individual, young or old, should have their own personal data strategy.

There’s little an individual user can do to stop a cyberattack. But understanding the importance of online hygiene is essential for today’s digital natives.
Data — at scale — has massive value. It’s the reason platforms like Facebook are free to use. Every like, view, and comment you make adds up to a composite profile that platforms can then sell to digital marketers.
“The early beneficiaries of digitization were very few, very large e-commerce and collaboration companies,” Ms. Green said. “All of those business models are on the basis that you give your data for free for them to then use to create a set of economics and sell to whoever.”
As the saying goes: If you don’t seem to be paying for the product, you’re the product.
So how can individuals respond? By assessing their online activities, and adopting a personal data strategy.
“Which [data] needs to be shared with the world at large, with your closest friends?” Ms. Green asked. “What is your view on privacy? Is it relevant that you need everyone to know exactly where you are at any given time? There is a personal responsibility there.”
“It’s your data. You have a right to decide how that data is used.”

Enterprises should be held accountable in keeping their clients’ data secure.

“Eighty-percent of the world’s data is not searchable,” Ms. Green said. “80% belongs to enterprises. It is every roaming algorithm that your local telecom company uses, it’s your data that your bank has kept on you for the transactions that you do.”
According to Ms. Green, it’s the responsibility of enterprises to ensure they’re respecting and safeguarding the data of their users. In turn, individuals need to scrutinize the enterprises they entrust with their data.
“As you trench through the terms and conditions, what does that mean to you and the people you work for?” she asked. “If your nine-year-old daughter [shares data with that company], how do you feel about the protection that exists within that company?”
A checklist of questions one should ask of any company should include: what their stated data policy is; who their chief privacy or chief security officer is; and what the company plans to do in the event of a data breach.
For big businesses and SMEs handling user data, this should be a primary concern.
Stephen Braim, IBM’s vice president for government and regulatory affairs, noted that the stock market doesn’t take too kindly to data breaches.
“When companies had breaches, they tend to suffer the single biggest losses in the stock market,” he said. “You don’t need many of those losses for companies to realize that this is not behaviour that we tolerate as shareholders and as consumers.”

Governments need to enforce data privacy and security through legislation.

On top of the responsibilities of individuals and enterprises, the government should also commit to taking action against those who compromise the security and privacy of its citizens’ data.
Mr. Braim commended the Philippine government for its data initiatives, citing Republic Act 10173, or the Data Privacy Act of 2012, as one of the key pieces of legislation that puts the country ahead in terms of cybersecurity.
“The other thing that is very pleasing [is that you have] a government privacy advisory commission,” he said. “That we don’t see a lot of. Once privacy laws come into place in countries, you often don’t see governments then saying ‘let’s have an ongoing industry discussion’. But it happens here.”
When it comes to data: enterprises need to be respectful, individuals need to be vigilant, and governments need to make sure everyone is playing by the rules.
“No one wants to live in a state where the government controls everything. So it has to be a combination of all those elements,” Ms. Green said.

Developing technologies can help — and hinder — data initiatives.

Today, technologies like blockchain and AI are hailed for their potential to build data systems that are impervious to both hacking and (to a degree) human error.
Imagine an insurance company utilizing the immutable blockchain to encode compliance reports, and AI to study those data sets for instantaneous analytics.
But with all the promises of these developing technologies, should come a healthy dose of skepticism. According to Glen Thomas, vice president for Brand & Communications at IBM, adopters need to be prudent about how they employ these technologies.
“Artificial intelligence needs to be trained,” he said. “All of the data that goes into those systems — the AI system can’t tell whether that data is reliable, biased, or accurate.”
“Bad data will create biased AI systems,” he said. “So the recommendations that come out of them that people rely on may be unfounded, flawed. This goes back to corporate ethics. How we treat data is so important.”
Ms. Green added, “Imagine a world where those unconscious biases, where the algorithms reflect the bias of gender or race, color or ethnicity.”
“Regardless of your age, sex, color, creed, sexuality, physical ability, the data algorithm should not be making a decision alone for you based on the shape of your face, or the orientation of your eyes or whatever,” she said.

Filipinos should realize the value of their private data — because they produce a lot of it.

“Data is the new oil. It is the ultimate most powerful commodity,” Ms. Green said.
As technology continues to become a greater part of daily life, Ms. Green emphasized the importance of being vigilant with one’s data.
In a recent report by cybersecurity company Kaspersky Lab, the Philippines placed ninth in the world in terms of volume of online attacks during the second quarter in 2018, leaping up from 44th a year earlier.
Kaspersky Lab found that the Philippines registered 10.6 million malware infections during the three months to June, more than triple the number of threats from a year earlier.
IBM’s own data found that companies in the Philippines receive anywhere from 50 to 100 cyberattacks a day.
“This isn’t just about banks and airlines and telecommunications,” Ms. Green said. “Here in the Philippines, your number one industry is services, your number two industry is BPO, all of it is driven around data.”
Far from suggesting people go off the grid, Ms. Green simply asks individuals to consider data security as they would consider resources like time or money.
“All of us need to think about data principles and data security in the same way we would think about convenience,” Ms. Green said. “We are suggesting that everyone, enterprises, governments and individuals make decisions, ask those questions.”