Keeping data private
Data privacy has hit the headlines in the last month, after the US and the UK were revealed to have been spying on the communications of millions of people around the world
Data privacy has hit the headlines in the last month, after the US and the UK were revealed to have been spying on the communications of millions of people around the world, and coincidentally, the issue of data privacy and protection is touched on by a couple of the articles in the latest issue of ACN, both in our feature on Governance Risk and Compliance issues, and the contributed article on forensic data collection from Rick Barker of Deloitte & Touche (ME).
But while the NSA and GCHQ were caught out using electronics means to tap emails and phone data, the focus for IT organisations in the Middle East should mainly about protecting data privacy, albeit against a legal landscape that is not exactly well defined. Privacy is traditionally highly valued in the Gulf, but paradoxically, legal protection is not particularly clear. Governments and employers tend to have a higher degree of access to personal data of citizens, residents and employees than they would elsewhere, but most of us would not know how to go about finding out what data is being held on us, or enforcing our privacy rights.
The same lack of clarity extends to the IT sector. Data privacy and proper management of personal data is an increasingly serious issue for IT managers. Analysts are predicting a backlash against the likes of Google, Facebook, and retailers that collect large amounts of customer data, as consumers become increasingly concerned about abuse or potential abuse of their data, or even the overall ‘creepiness’ of a company having so much information on their personal habits and connections.
In the Middle East however, data protection and privacy doesn’t seem to get much attention. In a region where CRM initiatives are still, for the most part, in their formative stages, little thought is given to how customer data is treated. The days of incessant SMS spam might have gone in the UAE, but there are still plenty of organisations that are happy to harvest your details and bombard you with email spam and other unwanted communications.
The growing interest in analytics that can be seen among companies in the region indicates that they are hungry to get their hands on data and to start leveraging that data for business purposes. Invariably, some of that data is going to relate to customers, so it is probably about time that the CIOs started to understand just what their legal exposure might be if something happens to that data. As Rick Barker points out in his article, privacy might seem to be treated a bit more lightly in this part of the world, but there are some specific jurisdictions in the region that have tight privacy controls, such as the Dubai International Financial Center, the Qatar Financial Center and Dubai Healthcare City; and numerous other laws can impact on data privacy, including constitutional restrictions, and laws around business and banking secrets, employment, state secrets and so on.
What is needed is a clear data protection law, so that organisations that are handling customer data know exactly where they stand and are able to make sure they have the compliance and security measures in place around the data, before they jump into big data projects and find themselves on the wrong side of the law and in the bad books of their customers.
On another note, nominations are now open for the ACN Arab Technology Awards 2013. As usual, these awards will honour the best projects and implementations that have been carried out in the region in the past 12 months, and as such, we need you to nominate your projects, so that we can shine a light on the technical and business expertise that is being put to work in the region. More details are available on the awards website www.itp.net/acnawards, and you have until Wednesday 21st August, 2013 to nominate.
And don’t worry — project nominations are kept confidential to the judging panel.