Data Security and Data Governance: Foundation and Case Studies (including Privacy, Legal, Social and Ethical Issues) — Lecture for the AT82.02 Data Modeling and Management course at the Department of Information and Communication Technologies, School of Engineering and Technology, Asian Institute of Technology. Delivered November 12, 2021 via Zoom.

1. Data Security
and Data Governance
Foundation and Case Studies
including Privacy, Legal, Social and Ethical Issues
Thiti Vacharasintopchai, D.Eng., ATSI-DX, CISA
November 12, 2021
FOR GENERAL AUDIENCE

2. 2
#construction
#techmanagement
#realestate
#university
#healthcare
Certified Information Systems Auditor (CISA)
ATSI DX expert
D.Eng. (AIT 2007)
M.Eng. (AIT 2000)
B.Eng. (Chula 1998)
About Me

3. DISCLAIMER
All views expressed are my own and
do not represent the opinions of any entity with which
I have been or am now affiliated
3

4. We are living in the ultra-connected world
4
!"#$%&'()*+,&$&-,.(/0-1&$-23.(-4#,,&$-,"%2.(5"6*7&%"77&%,"$-8+&,.(-*0514"+&.(9117&8%"5
!
:50;&-(-#6<&%,(,"(%"13$*;4,("=($&-1&%,*>&("?+&$-
!"#$%&'"(%)*+$,"+'"-&.&/+0012%/3*%+2)"4 5,"6&7%/&)
@ABB(=*$-,(,&7&;$014
CDC@(EF(B/(GHI(
"+JK&>*%&(LM(J #7,$0(1&$-"+07*N&K
@OAP

5. 5
!"#$%&'(G"",-#*,&

6. 6
!"#$%&'(G"",-#*,&
!"#"$%&'#()%(*% *+,-#.#-&$/'#"*#/&$01#"1)'#2),&'"*+&#
$+3#4'&/#5/*6"1#)'#+*"#',*6)+57#

7. 7
!"#$%&'(G"",-#*,&

8. 8
!"#$%&'(Q!(R4056&$("=(R"55&$%&(S"#+K0,*"+(J 4,,1-'TT???8#-%4056&$="#+K0,*"+8"$;T67";T1"-,TUJ6*;J=0%,-J06"#,JK0,0JK$*>&+J*++">0,*"+TBCDBE
8&"3$&"2+9"%2"*:&"3;&"+'"63*3"<$%7&2")+/%&*,

9. 9
!"#$%&'(4,,1-'TT???81*+,&$&-,8%"5T1*+TPEUDE@DUVU@BEEVABV

10. 10
!"#$%&'(4,,1-'TTK0,0J=70*$8,$0*+*+;T67";-T6"",-,$011*+;J*+J$

11. 11
!"#$%&'(4,,1-'TT2?0+<0*-&$>*%&-8%"5TW1X@UBP
!"#$%&'()*+$,-++(.,&'"/$%+

12. 12
!"#$%&'(Y!Z
01,/213-2+$&'(4+-+(5()&%67$2-

13. 13
!"#$%&'(4,,1-'TT???866%8%"5T+&?-T051T,&%4+"7";3JBUCA@ODV

14. 14
!"#$%&'(Y!Z

15. 15
!"#"$%&'()*"*+($,$-(+.)/#0
1)/'"+02$3(4"52$-&+/"52$6#7/+8

16. 16
!"#$%&'(G"",-#*,&

17. 17
• Any information that relates to an identified or identifiable living individual
Different pieces of information, which collected together can lead to the identification of a
particular person, also constitute personal data.
• Personal data that has been rendered anonymous in such a way that the individual is
not or no longer identifiable is no longer considered personal data.
For data to be truly anonymized, the anonymization must be irreversible.
!"#$%&'%()*'+,#-%.#$#/
!"#$%&'([#$"1&0+(R"55*--*"+( 4,,1-'TT&%8&#$"108&#T*+="T70?T70?J,"1*%TK0,0J1$",&%,*"+T$&="$5T?40,J1&$-"+07JK0,0]&+

18. 18
Personal
• a name and surname
• a home address
• an email address such as
name.surname@company.com
• an identification card number
• location data, e.g. mobile phone location
• an Internet Protocol (IP) address
• a cookie ID
01#23-)'%+4%.#$#
!"#$%&'([#$"1&0+(R"55*--*"+( 4,,1-'TT&%8&#$"108&#T*+="T70?T70?J,"1*%TK0,0J1$",&%,*"+T$&="$5T?40,J1&$-"+07JK0,0]&+
Non-Personal
• a company registration number
• an email address such as
info@company.com
• anonymized data.
Personal (cont’d)
• the advertising identifier of your phone
• data held by a hospital or doctor, which
could be a symbol that uniquely
identifies a person

19. 19
For Data Owners
• Privacy
• Spams / Annoyance / Unsolicited ads.
• Identity Theft
• Commercial frauds
• Defamation
• Business crimes
5+,6)*,'
!"#$%&'([#$"1&0+(R"55*--*"+( 4,,1-'TT&%8&#$"108&#T*+="T70?T70?J,"1*%TK0,0J1$",&%,*"+T$&="$5T?40,J1&$-"+07JK0,0]&+
For Users of Data
• Ethics
• Legal liabilities
Fines
Imprisonment
for Individuals and Business Entities

20. 20
!"#$%&'(:^(F">&$+0+%&(M,K8_(Q8/8( 4,,1-'TT???81*+,&$&-,8%"5T1*+TEC@BPPDA@VUUEBVVO

21. Use Cases
21

22. Public Security, Public Health
and Smart Cities
22

23. 23
!"#$%&'(`&?-?&&2.(`&?(a"$2(^*5&-.(^&%4+"%$0%3.(!RL)

24. 24
!"#$%&'(^40*70+K(R&+,&$(="$(R">*KJ@O(!*,#0,*"+(9K5*+*-,$0,*"+(bRR!9c(>*0(^4&(`0,*"+

25. 25
!"#$%&'(%"#$,&-3("=(!#1&$L01.(!%*&+%&H*$&%,.(;"";7&(*50;&-

26. Sovereign States exert Certain Levels of
Privileges over Collection and Processing of Data
for Public Benefits
26

27. Private Health
27

28. 28
!"#$%&'(4,,1-'TT1*+8*,T@:d"6UZ

29. 29
!"#$%&'(4,,1-'TT???8%6*+-*;4,-8%"5T$&-&0$%4TK*;*,07J4&07,4J5&K*%*+&J50$2&,J501J%"510+3J7*-,

30. 30
!"#$%&'(4,,1-'TT4&07,4,&%450;0N*+&8+&,T0$,*%7&TCD@OT@DT?40,J4011&+-J-,"7&+J4&07,4%0$&JK0,0J1&$=%"+ J 4,,1-'TT1*+8*,TU-;e&I/

31. 31
!"#$%&'(4,,1-'TT1*+8*,TPdFRO%=(J 4,,1-'TT1*+8*,TCG9f$YQ

32. 32
!"#$%&'(4,,1-'TT1*+8*,TE)PSK,"

33. 33
Implications for
Data Engineers & Data Scientists

34. 34
!"#$%&'(^4*$K(I"%2_(:+%8( 4,,1-'TT,4*$K$"%28%"5T;K1$
=6>?"@+0A.%32/&"?&B1%$&0&2*)

35. 35
!"#$%&'(4,,1-'TT1*+8*,TBaA=&Of

36. 36
Final Remarks on
Governance: The Big Picture

37. What is Corporate Governance?
• Corporate governance is the system of rules, practices, and processes by which a firm is
directed and controlled.
• Corporate governance essentially involves balancing the interests of a company's many
stakeholders, such as shareholders, senior management executives, customers, suppliers,
financiers, the government, and the community.
• Since corporate governance also provides the framework for attaining a company's
objectives, it encompasses practically every sphere of management, from action plans and
internal controls to performance measurement and corporate disclosure.
37
!"#$%&'(4,,1-'TT???8*+>&-,"1&K*08%"5T,&$5-T%T%"$1"$0,&;">&$+0+%&80-1

38. Data Governance
Data governance therefore
• is the system of rules, practices, and processes by which data within a firm is directed
and controlled;
• involves balancing the interests of a company's many stakeholders;
• encompasses every sphere of management within a company.
38
!"#$%&'(0K01,&K(=$"5(4,,1-'TT???8*+>&-,"1&K*08%"5T,&$5-T%T%"$1"$0,&;">&$+0+%&80-1

39. 39
Data Governance …
from IT to I&T

40. 40
!"#$%&'(:!9R9( ^4&(:+="$50,*"+(!3-,&5-(9#K*,(0+K(R"+,$"7(9--"%*0,*"+

41. 41
!"#$%&'(:!9R9( ^4&(:+="$50,*"+(!3-,&5-(9#K*,(0+K(R"+,$"7(9--"%*0,*"+

42. 42
!"#$%&'(:!9R9( ^4&(:+="$50,*"+(!3-,&5-(9#K*,(0+K(R"+,$"7(9--"%*0,*"+

43. 43
!"#$%&'(:!9R9( ^4&(:+="$50,*"+(!3-,&5-(9#K*,(0+K(R"+,$"7(9--"%*0,*"+

44. • Tremendous amount of data are generated, consumed and leveraged for great benefits
of Individuals, Businesses and Public nowadays. The growth is exponential.
• With great power comes great responsibility
• Collect, store and process data for a reason
• Handle ‘magic swords’ with care. Always observe good governance principles.
• For managers, plan and manage data across life-cycle properly.
For operators, act responsibly. Respect owners of data.
• Don’t let privileges become liabilities.
44
7)8%9#:)#;#8'

45. Thank You