Data Security and Data Governance: Foundation and Case Studies (including Privacy, Legal, Social and Ethical Issues) — Lecture for Data Science program at the Department of Information and Communication Technologies, School of Engineering and Technology, Asian Institute of Technology. Delivered November 4, 2020 at the Milton E. Bender, Jr. Auditorium.

1. Data Security
and Data Governance
Foundation and Case Studies
including Privacy, Legal, Social and Ethical Issues
Thiti Vacharasintopchai, D.Eng., ATSI-DX, CISA
November 4, 2020
FOR GENERAL AUDIENCE

2. 2
#construction
#techmanagement
#realestate
#university
#healthcare
Certified Information Systems Auditor (CISA)
ATSI DX expert
D.Eng. (AIT 2007)
M.Eng. (AIT 2000)
B.Eng. (Chula 1998)
About Me

3. DISCLAIMER
All views expressed are my own and
do not represent the opinions of any entity with which
I have been or am now affiliated
3

4. We are living in the ultra-connected world
4Source: Pinterest; Kaspersky; shutterstock; mobilecollectors.net; siamphone; Apple.com
…
Images subject to copyright of respective owners
A Brief History of Telecommunications – by Devices
1844 first telegraph
2020 5G 4K HDR
on-device ML - ultra personalized
1983

5. 5Source: https://hootsuite.com/pages/digital-2020

6. 6Source: https://hootsuite.com/pages/digital-2020

7. 7Source: https://hootsuite.com/pages/digital-2020

8. 8Source: US Chamber of Commerce Foundation - https://www.uschamberfoundation.org/blog/post/7-big-facts-about-data-driven-innovation/42045
We are now in the age of Data driven society

9. 9Source: https://www.pinterest.com/pin/357051076714556846

10. 10Source: https://data-flair.training/blogs/bootstrapping-in-r

11. 11Source: https://kwanjaiservices.com/?p=1743
Typical Business Analytics

12. 12Source: WSJ
Controversial Uses & Backfire

13. 13Source: https://www.bbc.com/news/amp/technology-47281906

14. 14
Data Governance & Security
Privacy, Legal, Social, Ethics

15. 15Source: https://hootsuite.com/pages/digital-2020

16. 16
• Any information that relates to an identified or identifiable living individual
Different pieces of information, which collected together can lead to the identification of a
particular person, also constitute personal data.
• Personal data that has been rendered anonymous in such a way that the individual is
not or no longer identifiable is no longer considered personal data.
For data to be truly anonymized, the anonymization must be irreversible.
What Is Personal Data?
Source: European Commission – https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en

17. 17
Personal
• a name and surname
• a home address
• an email address such as
name.surname@company.com
• an identification card number
• location data, e.g. mobile phone location
• an Internet Protocol (IP) address
• a cookie ID
Examples of Data
Source: European Commission – https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en
Non-Personal
• a company registration number
• an email address such as
info@company.com
• anonymized data.
Personal (cont’d)
• the advertising identifier of your phone
• data held by a hospital or doctor, which
could be a symbol that uniquely
identifies a person

18. 18
For Data Owners
• Privacy
• Spams / Annoyance / Unsolicited ads.
• Identity Theft
• Commercial frauds
• Defamation
• Business crimes
Concerns
Source: European Commission – https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en
For Users of Data
• Ethics
• Legal liabilities
Fines
Imprisonment
for Individuals and Business Entities

19. 19Source: IT Governance Ltd., U.K. – https://www.pinterest.com/pin/52143308167754669

20. Use Cases
20

21. Public Security, Public Health
and Smart Cities
21

22. 22Source: Newsweek; New York Times; Technocracy; SCMP

23. 23Source: Thailand Center for Covid-19 Situation Administration (CCSA) via The Nation

24. 24Source: courtesy of SuperMap; ScienceDirect; google images

25. Sovereign States exert Certain Levels of
Privileges over Collection and Processing of Data
for Public Benefits
25

26. Private Health
26

27. 27Source: https://pin.it/1Iqob7J

28. 28Source: https://www.cbinsights.com/research/digital-health-medicine-market-map-company-list

29. 29Source: https://healthtechmagazine.net/article/2019/10/what-happens-stolen-healthcare-data-perfcon - https://pin.it/7sgZeRK

30. 30Source: https://pin.it/3qGC9cf - https://pin.it/2HAXrWU

31. 31Source: https://pin.it/5P3Fdto

32. 32
Implications for
Data Engineers & Data Scientists

33. 33Source: Third Rock, Inc. – https://thirdrock.com/gdpr
GDPR Compliance Requirements

34. 34Source: https://pin.it/4Y8fe9X

35. 35
Final Remarks on
Governance: The Big Picture

36. What is Corporate Governance?
• Corporate governance is the system of rules, practices, and processes by which a firm is
directed and controlled.
• Corporate governance essentially involves balancing the interests of a company's many
stakeholders, such as shareholders, senior management executives, customers, suppliers,
financiers, the government, and the community.
• Since corporate governance also provides the framework for attaining a company's
objectives, it encompasses practically every sphere of management, from action plans and
internal controls to performance measurement and corporate disclosure.
36Source: https://www.investopedia.com/terms/c/corporategovernance.asp

37. Data Governance
Data governance therefore
• is the system of rules, practices, and processes by which data within a firm is directed
and controlled;
• involves balancing the interests of a company's many stakeholders;
• encompasses every sphere of management within a company.
37Source: adapted from https://www.investopedia.com/terms/c/corporategovernance.asp

38. 38
Data Governance …
from IT to I&T

39. 39Source: ISACA – The Information Systems Audit and Control Association

40. 40Source: ISACA – The Information Systems Audit and Control Association

41. 41Source: ISACA – The Information Systems Audit and Control Association

42. 42Source: ISACA – The Information Systems Audit and Control Association

43. • Tremendous amount of data are generated, consumed and leveraged for great benefits
of Individuals, Businesses and Public nowadays. The growth is exponential.
• With great power comes great responsibility
• Collect, store and process data for a reason
• Handle ‘magic swords’ with care. Always observe good governance principles.
• For managers, plan and manage data across life-cycle properly.
For operators, act responsibly. Respect owners of data.
• Don’t let privileges become liabilities.
43
Key Takeaways

44. Thank You