Log in to the online community

Want to post a reply? You'll need to log in
Data Privacy Laws and Associated Further Regulations
Question
Protection of personal data is often referred to as Data Privacy. Such personal data could be a range of data values, ranging from a person's personal details such as Name, Date of Birth, Address etc., to that of wider implications such as Bank Details, Income and Buying Habits. Personal data of Organizations can be comparably stated to be that of its Customers, Sales, Budget, that are often deemed to be share price sensitive data for a listed organization. However, whilst such sensitive data for companies have been regulated and audited for a prolonged period of time, and new rules and processes matured, the protection of personal information about individuals is far behind in the Digital Economy. The level of regulative protection that can be expected by a company to make it feel safe and secure in its market, is yet to be established for individuals, who in the Digital Economy, produce valued and collectable information for use by businesses. This has become an issue, as such personal data was not formatted digitally, or widely available by request or otherwise from third parties, that it is now with the use of online services and e-commerce. Hence, the requirements for Data Privacy for individuals is quite pronounced, and many Countries have accordingly started to adopt such legislations.

Important economic assets can be collected from digital data of persons using Data Mining technologies. Indeed, it could become a prime target for economic espionage, if fallen in the hands of adversaries. Such adversaries, who may plan to economically bring down a Country to its knees, can do so very easily with the use of Private Data that it may collect using hackers or other forms of Cybercrimes. This is especially made easier, if the adversaries have no regulations or laws against which they can be held accountable. So, an adversary can freely collect personal data, such as from online forums, chat services, online marketing, or even from third parties such as valid financial institutes or retailers, who may sell such data for some additional revenue. Currently, and without any regulations to prevent such transactions, it may well become a billion dollar industry to buy and sell individual personal data for a targeted economy. Again, an adversary may accumulate and observe trends even at a very granular level of a particular individual, to then plan and attack an economic espionage. This can be as simple as introducing products and services that are beyond the current market abilities, in terms of prices and goods and services, or be of a more economically defined parameter, such as buying and selling of financial assets of the targeted Country, including financial manipulation of its Currency. If an adversary knows with a great amount of certainty, the buying habits, prices and trends of an economy, this information is priceless for any financial undertakings. So, without data privacy regulations, such adversaries would not even be held liable for such aggressive act against a state and its individuals.

Data Privacy rules should firstly ensure that the data of an economy or a country is not transported, managed or manipulated by any other third parties that are not in the resident state of the collected data. Such Data Localization Laws are a first and difficult introduction, as often the argument is of a borderless existence online. However, this colorful existence of the online world, whilst suggested, has almost had its turn of a good time, especially when countries started loosing tax revenues that it usually collects from its classical economic transactions, that would now be occurring online. So, to look into the future for a borderless online economic state, is mostly a futile and increasingly illegal activity. Thereby, the regulations match such developments, and technology is required to adhere by storing data locally in a Country. Whilst the laws have been passed, it has to now be enacted and enforced, and Company Audit has an important role to play with such enforcements. Otherwise, and simply, Countries would be incurring huge budget deficits, including calling recessions due to lost economic value.

Also, whilst and alongwith enforcing Data Localization Laws, further Cybersecurity Laws have to be introduced. Such Laws, would need to regulate the economic importance and protection of when, how and where data can be transferred between organizations, including any derivatives of private data of individuals. Data is imported and exported much like any other economic asset, and the metadata of which data and between what parties can be transferred, bought or sold, has to be defined by the laws. So, any unnecessary or unexpected data, personal or otherwise, and its associated Intellectual Property, should not be de-localized without the regulative and financial understanding of its own market and customers. This creates an opportunity for administrative defaults, as when a Country looses important information about itself to a third party, it is often followed closely by economic downturns and recessions. So, in the digital economy, appropriate measures to protect the economic assets have to be introduced, that firstly draws the conditions upon which such digital economy exists within a State. Data Privacy Laws, and the suggested Data Localization and Metadata Transaction Laws would be a good first step towards further establishing a respectable digital economy.

https://www.oaic.gov.au/privacy/the-privacy-act/

https://www.investindia.gov.in/team-india-blogs/understanding-data-localisation-debate-india


 
Replies

Share:

Log in

Want to post a reply? You'll need to log in