Straits Interactive: Waging the War On Data Breach
In February 2016, Snapchat came out with a public apology for the internal data breach that led to the theft of employee payroll information. When the debris cleared, it was discovered that a miscreant had impersonated Snapchat’s CEO, Evan Spiegel, in a phishing email requesting personal protected information (PPI) of approximately 700 employees. This data breach is one of many examples in today’s world. With disruptive technological evolution, such blatant data breaches have become common, and they often go unreported.
Populated with lucid examples of similar corporate data infringements, “88 Privacy Breaches to be Aware of” is the “go-to data protection” handbook. Written by data security experts, Kevin Shepherdson, William Hioe, and Lyn Boxall, and shedding light on data protection laws applicable in different countries, the book has motivated many readers to view corporate governance, risk management, and compliance (GRC) issues from a new perspective.
The book stands as a clear vindication of the authors’ profound domain knowledge. One of the key authors of the book, Kevin Shepherdson, heads the data protection company Straits Interactive, a four-year-old start-up specialising in data privacy and Governance, Risk-Management and Compliance (GRC). The company provides an all-in-one integrated data protection management and governance platform through its DPMS (Data Protection Management System Platform) and GRACIAs (Governance, Risk Assessment, Compliance, and Internal Audit System) systems, which deliver Training, Advisory, and SaaS solutions to enhance automation, collaboration, and productivity for clients. Having spent several years at Oracle Corporation and Creative Technology in prominent leadership roles, the seasoned veteran, Mr. Shepherdson has helped design some of the key products and solutions for the company. He has been an award-winning marketing strategist at Sun Microsystems.
Preparing Industry Ready Data Protection Officers (DPOs)
Widespread changes in European Union privacy laws known as General Data Protection Regulation (GDPR) are expected to create a huge demand for DPOs worldwide in the next eleven months; in the Association of South-East Asian Nations (ASEAN) all the member governments have committed to legislating and implementing Data Protection Laws in their respective countries. This is part of the establishment of the ASEAN Economic Community, an effort to integrate the region’s diverse economies into a single market with free movement of goods, services, investments, skilled labour, and freer flow of capital.
As a result, Singapore, Malaysia, and the Philippines have recently introduced Data Protection Laws requiring all organisations to comply or risk hefty fines and jail terms. Realising that companies would require a speedy but systematic way to tackle the issues of data protection, Straits Interactive developed a blueprint comprising a three-pronged approach of ‘People, Process, and System’, which helps clients unlike any other provider. This approach makes the company unparalleled. As Shepherdson adds, “This is our differentiation and innovation—together with a holistic ‘People, Process, and Systems’ approach.”
Founded in 2013 to provide data protection services and solutions through its singular flagship platform, the company soon realised that their clients started insisting on using Straits’s SaaS platform for other GRC activities, like information security, business continuity management, and corporate governance-related activities.
Obliged, the company extended its advisory and audit services to serve them. Mr. Shepherdson recalls, “This is a logical step given that data protection and compliance are the two sides of the same coin in ensuring regulatory and governance obligations.”
Straits’s SaaS platform assists Data Protection Officers (DPO) in approaching their data privacy activities in a systematic and process-driven manner. The system is engineered with best practices suggested by the IAPP and it also allows companies to use the application in their training, audit or compliance efforts to comply with data protection laws. The SaaS platform ensures that operational compliance is achieved cost effectively within weeks, as opposed to months. The solution is particularly beneficial to third party service providers, such as auditors, consultants, or law firms.
The SaaS solution has several added benefits. It empowers DPOs with the ability to assess risks associated with organisational data by providing intelligent privacy impact assessments, checklists, data inventory, and mapping functionalities. New lists can be updated when there are changes, thereby eliminating the need for complex programming or waiting for new customisation. A compelling compliance management dashboard provides oversight and compliance status about various data protection laws in the Asia-Pacific region—a feature particularly useful for organisations with a presence in multiple geographies. Also, the solution recommends actionable tasks, and sends out notifications on risk, audit, and response management, taking out all guesswork from the data compliance. Furthermore, Software-as-a-Service (SaaS) solutions from Straits enhance automation, collaboration, and productivity.
Today, it is the only company in the region to provide an exclusive course dedicated to training DPOs on the ways to comply with data protection laws in Singapore, where appointing a DPO has become mandatory. Straits Interactive provides professional training and advisory services. The company has developed a hands-on course that includes training on the software platform to help DPOs gather real-time exposure. The course helps with the fundamentals of data protection and privacy laws and on the ways to perform the role of a data protection officer. “The market in Singapore alone will require as many as 10,000 professionals with data protection expertise in the immediate future—the reason for us to partner with the Singapore Management University to issue a data protection proficiency certificate to those who complete the course,” expounds Mr. Shepherdson.
Straits Interactive is also an authorised regional training partner of the International Association of Privacy Professionals (IAPP) and OCEG’s GRC certifications. IAPP certifications such as the CIPM (Certified Information Privacy Manager), CIPT (Certified Privacy Technologist) and CIPP/A (Certified Privacy Professional Asia) provide DPOs, legal counsels, and infocomm professionals with a broad perspective of data privacy, covering international privacy regulations, best practices, frameworks, and processes. Mr. Shepherdson points out, “Many of our privacy clients go on to get certified, while individuals who have taken our DPO or certification courses have become our corporate clients.”
A System Platform for Data Protection and GRC
A dramatic increase in cybercrimes in the recent years has prompted governments across the world to reevaluate their existing data privacy and protection laws.
“GRC is not something that you can buy with technology – which is a common misconception, it is something that you build with the help of technology such as the platform we have, and with the right mindset in place,” illustrates Shepherdson. Straits Interactive has spent nearly two years to develop its ground-breaking solution to the immediate problem at hand—the Genexist platform. Genexist sits at the core of the company's popular Data Protection Management System (DPMS), and Governance, Risk Assessment, Compliance, and Internal Audit System (GRACIAs). GRC functions such as content authoring for assessments, risks and audit management, policy/contract automation, compliance tracking, competency assessment, and response management can be effectively managed using the Genexist platform. “Our platform has worked out to be a productivity enhancer for our clients,” reports Mr. Shepherdson. This platform allows clients offering audit, legal and advisory services to easily create their assessment, accountability, competence and compliance frameworks with minimal IT or programming knowledge.
With headquarters in Singapore and offices in Malaysia and India, Straits Interactive serves approximately 300 clients globally. Recently, the company assisted a listed corporate advisory firm and a TELCO in creating a compliance framework for Personal Data Protection and operational compliance. Several aspects were resolved—including the necessities under the PDPA, the client’s compliance status across various departments, the evolving risks—both physical and admin—how to go about complying with PDPA, and what is the ROI for compliance. Referring to the company’s expertise, Mr. Shepherdson states, “Having an internationally certified team gives us credibility and allows us to implement international best practices for the companies we consult.”
The European Union is all set to implement GDPR in 2017, which will require all 28 countries to comply with the new law. Straits Interactive views it as an opportunity and is gearing up for this change by upgrading its platform to conform to the new laws. The company further plans to expand into countries where data protection laws are changing. On that note, Mr. Shepherdson says, “Data is the common denominator, and our ‘Lego-block’ technology allows us to provide modules beyond data protection.”
The Knowledge Centre: Extending DPOs Purview
Given that data protection laws are new in the region, Straits Interactive is launching a data protection excellence centre by providing assistance and expertise to organisations wanting to operationally comply with the respective data protection laws. Besides providing DPO and privacy certification courses, it has partnered with several key leaders in the privacy and security space such as FireEye to share best practices and practical solutions; it is also collaborating with universities such as the Singapore Management University and University of Malaya to up-skill professionals with data privacy expertise as well as to conduct research into potential data breaches found in business processes.
July 19, 2017