As our digital footprints grow exponentially, a tectonic shift in public awareness about privacy and security in the digital world has occurred. The calls for more privacy protection and regulation are on the rise around the world.
We believe in the idea that personal data and information should be treated confidentially. Hence, we take user privacy as our utmost concern.
We interviewed our legal team manager, Calvin, on how AtlasV safeguards the privacy of users’ when we develop our products.
“Our products are in compliance with many data privacy protection regulations, such as GDPR, PDPA, CCPA and COPPA. These regulations act as a guideline, helping us in developing applications where the privacy of users’ sensitive information are protected,” Calvin said.
What are these regulations all about?
- GDPR (General Data Protection Regulation 2018, Europian Union)
- PDPA (Personal Data Protection Act 2012, Singapore)
- CCPA (California Consumer Privacy Act 2018)
- COPPA (Children’s Online Privacy Protection Rule, 2018 USA)
Generally, these regulations provide a baseline standard of protection for personal data and sensitive information. They govern the collection, use, disclosure and care of personal data by the service providers, and give consumers the right to control over their personal data; while COPPA specifically imposes requirements on providers whose services directed to children less than 13 years of age.
What is sensitive information?
Sensitive information is data that is required to be protected from unauthorized access and unwarranted disclosure. Misuse of the following sensitive information can result to user’s privacy disclosure:
- Personal Information (a.k.a. personally identifiable information) – data that can be linked to a specific individual, such as your identity information, contact information, medical information and banking information.
- Business Information – data that would cause damage to a company if accessed by a competitor or the public, such as financial data, trade secrets, supplier information, and customer data.
- Digital Footprint – trail of data you create while using the Internet, such as your online activities, browsing history, cookies.
- Mobile Authorisations – Permission allowing service providers / apps to access to the content and features of your device, such your personal files (e.g. image, video, and audio files), camera, voice recorder etc.
So, how do AtlasV protect our users’ rights while developing the applications?
There are many elements involved in order to make this works; Calvin named us the three most important key elements when we are preparing to start our business:
Data Protection Officer (DPO)
DPO is a mandatory enterprise security leadership role for all companies that collect or process personal data, under the requirement of Article 37 in GDPR
The primary role of the DPO is to oversee a company’s data protection strategy and its implementation, to ensure compliance with GPDR requirements. They are responsible for educating, training staff involved in data processing, and monitor compliance with data protection law. DPO also serve as the point of contact between the company and any Supervisory Authorities (SAs) on issues related to data processing.
Although there’s no hard rule on the qualification, favorable qualities of a DPO would be expert knowledge of data protection law and practices. Commonly, DPO is an IT professional (Security) or an expert with a legal background, or someone who received training from International Association of Privacy Professionals (IAPP). DPO should also be familiar with the day to day operations of our company.
Powerful Lawyer Team
Strong Inter-department Collaboration
The DPO should not be solely responsible for the compliance process of the entire company. Inter-department cooperation is essential because it is almost impossible for one person to have continuous insight into the fine segments of all the business processes.
Production team should ensure cybersecurity features are incorporated in to the product’s design to prevent the breach of sensitive information. Marketing team should make sure that the user’s sensitive information is not used as bargaining chip for the trade when they are cooperating with third parties. When operation teams organizes an event on festive seasons, the T&C and the information submitted by users during questionnaire or surveys must be deleted immediately after the activity ends. Customer Support team should also keep the conversation, chatting history and contact information of the users private and confidential. All teams will receive training on privacy related regulation every quarter of a year.
What matters to our users in this issue?
A data protection regime is necessary to safeguard personal data from misuse and to maintain individuals’ trust in service provider that manages their data.
“We hope our users feel at ease, after understanding our commitment in privacy protection and security through this interview session,” Calvin said.