How would the phasing out of physical identity cards and the use of COVID-19 contact tracing apps impact the way data is managed and protected in ASEAN?

Governments, businesses and citizens around the globe have accepted the fact that COVID-19 has changed the world drastically.

One major area of impact is the use of tracing apps to better manage and monitor the spread of the coronavirus and its variants. Servers in government and healthcare organizations are flooded on a daily basis with Personal Identifiable Information (PII), and the data is transmitted in various ways – Wi-Fi, mobile networks, bluetooth, IoT, LANs and WANs.

In ASEAN, some governments are making the move to make physical IDs obsolete. That means our identities will be linked to either our mobile phones, or to some Internet accounts registered with the government, or even a nano-chip inserted into our body.

In this digital future, data management, privacy, security and governance in the region will have to change drastically to keep pace. There’s a technical debt to be paid…

For the possible transformations ahead, and how businesses in the region should ready themselves, CybersecAsia sought out some insights from Sheena Chin, Managing Director of ASEAN, Cohesity.

Sheena Chin, Managing Director of ASEAN, Cohesity

Have you seen a significant change in how businesses in ASEAN view data since the COVID-19 pandemic hit?
Chin: Since the COVID-19 pandemic hit, businesses were forced to leverage cloud storage for easy accessibility and to streamline workflows and processes. With the rise in remote working, data that is saved on public cloud environments has grown exponentially. Those who have done so realized that there can be more challenges faced such as fragmentation, inefficiency, and dark data. Businesses who succeed are those that can protect their cloud data, as inadequate protection can lead to data loss.

Moreover, today’s backup and recovery landscape is littered with separate legacy point-products for backups, target storage, and long-term data retention. It’s a complex environment to manage as each silo is designed on proprietary hardware and/or software packages that typically have their own management tools, upgrade cycles, and maintenance and support contracts.

Basic techniques for performing backup and recovery have evolved incrementally and within proprietary vendor silos. Until recently, IT teams have had no option but to perpetuate the traditional hardware-centric approach which only adds more complexity, risk, and cost rather than solving underlying issues. Enterprises require a fundamentally new approach to break the cycle of technical debt, liberate IT and business teams from outdated architectures, and free trapped data into assets rather than costly liabilities.

How should businesses manage old data such as names and phone numbers collected on pieces of paper?
Chin: Many local malls have requested customers’ personal information such as names, phone numbers and identification card details. Apart from the possibility that the Personal Identifiable Information (PII) could fall into unscrupulous hands, the data may not be easily retrievable or consolidated in the event that contact tracing was necessary.

Scanning copies of papers creates a digital archive that can also be used as a backup, especially if the files are password-protected and stored in a secure location. In accordance with local data protection acts, businesses need to protect customers’ personal data and reduce the risks of misuse of personal data.

Additionally, businesses should be mindful of whether they have the consent to digitize customer PII. By verifying with customers, businesses can gain customer confidence as it moves towards digitalization.

How have tracing apps such as Singapore’s TraceTogether and SafeEntry changed the way businesses handle data?
Chin: Contact tracing apps like TraceTogether and SafeEntry have given us a glimpse into the nation’s future, while also encouraged consumer behavior to a certain extent. As consumers share more information online, they become more conscious of the purpose of data collection and whether their information is shared. Consumers are also gaining a stronger awareness and notion of exchanging data for a service.

The heightened awareness and caution surrounding data privacy goes to show that data privacy regulations are here to stay. The good news is, I think that businesses in Singapore have been rather proactive in adapting to new government measures. Moving forward, businesses should revisit their data handling and management practices. One example is Singapore’s Personal Data Protection Act (PDPA), which helps businesses gain a stronger understanding of how they may collect personal data for COVID-19 response measures.

Would the phasing out of the use of identity cards such as Singapore’s NRIC for contact tracing help businesses manage customer data better?
Chin: I believe that phasing out the use of identity cards would help businesses improve the management of customer data as they do not need to spend extra effort ensuring that information recorded on paper is managed and stored safely. The process makes it simpler for organizations to secure data at the backend. Businesses can have peace of mind that the data retrieved is authorized.

Moreover, the process will minimize required paperwork. Businesses can shift their focus onto building better customer relationships and tailor strategies based on customer needs. This will be the standard moving forward, as we continue to adapt and evolve together with technology improvements.

What are your thoughts on how data management and protection measures would evolve in the region, moving forward?
Chin: Enterprises need IT infrastructure, including backup and recovery tools that are agile, simple to manage and easy to scale. Data has become isolated in specialized infrastructure. Businesses need to streamline and get rid of duplicated data.

Unfortunately, this is a common oversight in the rush to meet customer demand. Having a single location for data makes it more convenient for businesses to improve their time to market, scale and provision security.

Regardless of the size of the organization and the industry they are in, businesses should adopt data management and protection measures that help them increase resilience.

Firms can take a more holistic, platform-based approach to hybrid data management that defines a blueprint for an intelligent data workflow. This can be based on common policies for access control, security and lifecycle management that leverage highly scalable resources, orchestration capabilities and cost efficiencies found in the public cloud.

The reality is that customers are often already at their limit and at best only able to perform backup jobs once a day, with such jobs sometimes bleeding into their production windows. Businesses should understand that backups resulting in rapid recovery is necessary especially with rising occurrences of ransomware attacks.