Virag Thakkar, Head - IT Governance, Risk & Compliance, Agoda Booking Holdings Company

With 18+ years of leadership experience in Cyber & Information Security covering Audit Compliance, Privacy Frameworks, Risk Management & establishing Security Operations, Virag has attained the industry’s leading certifications like CISSP, ISO 27001 Lead Auditor, PCI-SI, ITIL Foundation & Cyber Laws.

In today’s challenging times of COVID, which led to the unexpected digital transformation of many companies, the question raised in many boardrooms was how to ensure the security of the infrastructure and the privacy of data. On top of that, government agencies enforced contact tracing, leading to multiple applications and the collection of personally identifiable data.

This led to unprecedented tinkering with existing processes and the evaluation of new risk vectors in conjunction with data privacy and governance. While most companies were just settling into GDPR and various other regulations, depending on the geographies they operated in, this came as a new challenge for security & privacy professionals.

Once this crisis is over, in my opinion, this will start reflecting on how data privacy and protection are managed.

  • Government Compliance & Privacy Laws: All data collected so far, especially in conjunction with laws enforced by government agencies, will undergo a lot of scrutiny. There will be landmark judgements passed by the judiciary in relation to how data is collected, stored and especially shared for emergencies. Governments that enforced the usage of specific apps or the collection of data under emergencies will need to be re-evaluated to see their effectiveness.
  • Fundamental Human Rights of Privacy: When the United Nations adjudged the Right to Privacy a fundamental right, most countries were bound by it. While there are many definitions and grey areas, especially on medical data (COVID test results apps) & locational usage (check-ins to malls), everyone agrees that the security of these details needs to be paramount. More stringent guidelines will be formed and issued at a granular level of data, rather than the current model covering the entire gamut.
  • Forced Digital Transformation: By working from home, companies are forced into digitization, drastically raising data security and privacy risk levels. The new technologies led to the creation of new processes, e.g. the usage of video conferences or collaboration tools, as they were implemented without proper training for users or testing of the technologies. Cyber attackers exploited this situation quite well to their advantage. There has been a 5 times increase in targeted attacks across organizations.

Overall, this has led to a rethinking of strategy, not only in corporate bodies but also in government sections, on how to have better laws and more secure ways of collecting and using data. Whatever the outcome may be, it is an interesting time for data & privacy security professionals.
