ManageEngine: Right systems, controls needed to ensure data privacy rules compliance
MANAGEENGINE, a technology company, said that right systems need to be in place to ensure that the country’s data privacy policies are adhered to, amid fears that the data collected for coronavirus analysis could be later used for surveillance purposes.
“Businesses need to implement responsible data collection and processing practices to remain compliant with data privacy regulations,” Rajesh Ganesan, vicepresident of product at ManageEngine, told BusinessWorld in an e-mail interview.
“Organizations need to incorporate methods to monitor and record numerous aspects of their operations, such as employee data, financial transactions, and network logs, to demonstrate conformance,” he added.
The implementing rules of the Data Privacy Act require the National Privacy Commission to manage the registration of personal data processing systems in the country. Ethical hacker Allan Jay “AJ” Dumanhug told BusinessWorld in a recent interview that many startups appear to be unaware of the law, which is why the government should penalize those that violate it, or else these lapses will persist.
“Even organizations with a strong focus on regulatory compliance struggle to keep up with the list of requirements owing to regulatory uncertainty, insufficient visibility, stringent enforcement actions, and changing technological environments,” Mr. Ganesan said.
He noted that a major concern that has emerged over the last few years is managing the large-scale collection of personal data.
“The pandemic offers a clear example of this: Contract-tracing cloud applications were… utilized to combat the coronavirus pandemic, and these store personal data that could be compromised by sophisticated cyberattacks.” —