With the recent implementation of the Data Privacy Act, there is a strong impetus for the government and private sector to improve their commitments to protecting privacy. To talk about best practices from a compliance and governance standpoint, ECCI’s Delivery Director, Kamesh Ganeson, was asked to present best practices at the Data Privacy Forum hosted by Disini & Disini Law last November 3, 2016.
ISO 27001: Information Security Management
Leveraging his knowledge of information security, Mr. Ganeson discussed ISO 27001, which lists the compliance requirements for information security. The ISO standard has seven mandatory clauses that companies must follow to be classified as compliant, such as guidelines on leadership, planning and operations.
Mr. Ganeson also shared the CIA triad, an important framework in information security. Confidentiality, Integrity and Availability are three crucial principles that have become the backbone of most information security standards, such as ISO 27001 and PCI-DSS.
Information Security Best Practices
Mr. Ganeson shared with delegates ten key best practices that they should always keep in mind. He emphasized the need to have formal policies and procedures in place to guide the organization in its information security initiatives. Moreover, there is a great need for companies to approach information security from a risk-based standpoint so they can see their vulnerabilities and how to remedy them.
Citing infamous security breaches in 2016, Mr. Ganeson shared that the Philippines still lags in adopting technologies to shore up information security measures. Basic security defenses like firewalls and protecting network ports are often overlooked. Yet with the recent rise of cybersecurity threats, even these measures often fail. Using cryptography and virtual private networks is becoming the norm in several industries that deal with sensitive data.
Moving towards a more secure Philippines
Aside from Mr. Ganeson, several other speakers talked about their take on the Data Privacy Act and the newly institutionalized National Privacy Commission (NPC). Mr. Raymund Liboro, the NPC Commissioner, believes that the recent law is a step in the right direction. “In the face of twenty first century crimes, we need a twenty first century law that upholds data privacy,” Mr. Liboro said in his keynote.
The Data Privacy Forum was organized by Disini & Disini Law, a leading firm specializing in banking and e-commerce. Their experience in handling information security and privacy led them to successfully lobby for the ratification of the Data Privacy Act, or RA 10173. They were also entrusted with creating the law’s implementing rules and regulations.
Disini & Disini Law organized the Data Privacy Forum in response to the very recent creation of the Data Privacy Commission and the release of its first two privacy-related circulars to government agencies.