Data Governance Unpacked & Notable Data Breaches in the Asia Pacific Region

Written by Barkha Manral

Data is everywhere, surrounding us: anything generated, collected, or produced can be categorized as data. But what exactly is this data? Data is just a collection of information, facts, or statistics that is gathered, stored, and analyzed to serve diverse objectives. It manifests in various formats, including numbers, text, images, or multimedia, and may exhibit structured or unstructured characteristics. Acting as the cornerstone, data facilitates informed decision-making, pattern recognition, and insights into a multitude of phenomena.

In the modern digital era, mastering data utilization is crucial for staying ahead of the competition and ensuring long-term growth. Is merely collecting and maintaining data sufficient for organizations operating at various levels? What about governing the data? What about safeguarding the privacy of confidential data and ensuring user confidence when sharing their information in various forms? This is where Data Governance comes into play, managing all aspects of data to ensure its integrity, security, and compliance with regulations.

Data Governance

Data governance ‘encompasses a set of processes and protocols within an organization that streamlines the management of both internal and external data flows’. By aligning people, procedures, and technology, it aims to enhance understanding and transform data into a valuable enterprise asset. This involves overseeing the availability, usability, integrity, and security of data according to internal standards, policies, and regulations. Effective data governance ensures that data remains consistent, comprehensible, accurate, complete, reliable, secure, and easily accessible.

According to recent findings, the number of IoT devices is set to surge from 15.1 billion in 2020 to more than 29 billion by 2030, surpassing the 5.3 billion people connected to the Internet. More IoT devices mean more data, which in turn increases the need for data governance. McKinsey reports that approximately 127 new IoT devices connect to the Internet every second, projecting a total of 30.6 billion IoT devices in the near future. Storing such vast amounts of data centrally is impractical, leading to the emergence of edge computing technology. This technology enables data storage at the point of collection but again necessitates protocols to ensure data authenticity and consented usage. Therefore, amidst the increasing digitalization accelerated by the COVID-19 pandemic, organizations risk significant setbacks without robust data governance measures in place.

The question of why we need Data Governance is akin to questioning the necessity of Internet Governance. In today’s world, where vast amounts of data, including Personally Identifiable Information (PII), are generated, stored, and exchanged, the need for effective governance is paramount. Without proper governance, data may become unreliable, leading to reluctance in data sharing and storage, erosion of customer trust, non-compliance with regulations such as GDPR, compromised decision-making, and increased operational costs.

How Is Data Collected?

Data collection encompasses the process of acquiring data for various purposes such as business decision-making and research. It employs diverse methods including automated functions, sensor technology, surveys, social media monitoring, interviews, and direct observation, involving sensitive information like National IDs, Passport Data, Medical Data, and Bank Account Data. In today’s IoT-driven world, nearly every aspect of our lives involves data exchange, whether qualitative, quantitative, structured, or unstructured. However, the safety and confidentiality of this data remain uncertain. Despite advancements, privacy remains elusive in the realm of the Internet and data. Incidents of data breaches, whether on a local, regional, or global scale, are alarmingly frequent. In 2022 alone, over 4,100 publicly disclosed data breaches were recorded, leading to the exposure of approximately 22 billion records. Forecasts indicate that these figures may rise by up to five percent in the coming years, underscoring the pressing need for enhanced cybersecurity measures.

Notable Data Breaches in the Asia Pacific Region

Optus Data breach, Australia

On September 22, 2022, Australian telecommunications giant Optus experienced a severe data breach, resulting in the unauthorized access of details belonging to 11 million customers. The compromised information included customers’ names, dates of birth, phone numbers, email and home addresses, driver’s license and/or passport numbers, and Medicare ID numbers. Subsequently, files containing this sensitive data were shared on a hacking forum after Optus declined to pay a ransom demanded by the perpetrator. Additionally, individuals affected by the breach reported receiving demands from the alleged hacker, threatening to sell their data to other malicious entities if they did not pay AU$2,000 (US$1,300).

Data breach involving the Aadhaar database, India

In October 2023, Resecurity, an American cybersecurity firm, reported that the Personally Identifiable Information (PII) of 815 million Indian citizens, including Aadhaar Numbers and passport details, was being traded on the dark web. Although threat actors did not disclose how they acquired the data, making it challenging to determine the source of the leak, they asserted access to a 1.8 terabyte data breach affecting an unspecified “India Internal Law Enforcement Agency.”

Discovery reveals details of Bangladeshi citizens 

In July 2023, the website TechCrunch revealed that the personal information of over 14 million Bangladeshi citizens was accidentally exposed through the Office of the Registrar General, Birth and Death Registration’s website. South African security firm Bitcrack Cyber Security corroborated the data leak, which included names, phone numbers, emails and national ID numbers. In fact, it was Bitcrack researcher Viktor Markopoulos who accidentally discovered the breach in late June and notified the Bangladeshi e-Government Computer Incident Response Team (CIRT). The Bangladesh government responded by taking down the exposed data.

Didi Global: $1.19 billion, China

Chinese ride-hailing company Didi Global faced a fine of 8.026 billion yuan ($1.19 billion) from the Cyberspace Administration of China. The fine was imposed after authorities concluded that Didi Global had breached the nation’s network security, data security, and personal information protection laws. Didi Global acknowledged the decision of the cybersecurity regulators following a year-long investigation into the company’s security practices and potential illegal activities.

Data Governance Legislation

Different jurisdictions have enacted their own laws and rules to combat data breaches, but implementing and enforcing them remains a challenge for most countries. Some of these laws are as follows:

Country | Legislation | Latest Amendment
Australia | Australian Privacy Act 1988 (APA), with Notifiable Data Breach Scheme (22 February 2018) |
China | Personal Information Protection Law (effective November 2021) and various implementing regulations |
Hong Kong | Personal Data (Privacy) Ordinance (PDPO) | Latest amendment: 1 October 2022
India | Digital Personal Data Protection Act |
Indonesia | Law No. 27 of 2022 concerning Personal Data Protection |
Japan | Act on the Protection of Personal Information (2003) and amendments | Last implementation: April 2023
Malaysia | Personal Data Protection Act 2010 (PDPA) |
Philippines | Data Privacy Act 2012 (DPA) |
South Korea | Personal Information Protection Act (PIPA) |
Singapore | Personal Data Protection Act 2012 (2020 Revised Edition) (PDPA) |

However, one might wonder whether these laws and regulations have resulted in any reduction in the number of data breaches, or if they even adequately address the issue of data breaches. Moreover, it raises concerns about the extent to which applications that track our data under the guise of providing reminders are utilizing that information. Is abstaining from such applications or disconnecting from the internet altogether the solution? 

Ultimately, a comprehensive solution can only emerge from open and extensive discussions among members of multi-stakeholder groups. Since data belongs to everyone, it is imperative for all segments of society to comprehend its nuances and collaborate towards establishing a robustly secure platform.
