
Building a company data protection regime


Above: Veneto’s Julian Hayes.

BitDepth#1404 for May 01, 2023

“Now is the key time to prepare, to set the groundwork in implementing a good data protection and cybersecurity strategy in anticipation for a change in the regulatory environment,” said Julian Hayes, Managing Director of Veneto Privacy Services, based in Dublin, Ireland.

Hayes has consulted in Jamaica as businesses in that country came to terms with the robust legislation in place to protect data and customers.

Jamaica brought its Data Protection Act into law in June 2020 and by December 2021 had appointed Celia Barclay as its first Information Commissioner.

Jamaica gave businesses operating in that country two years to become compliant and register with the Office of the Information Commissioner.

During that time, Barclay will be bringing the operations of her new office into force.

“The biggest thing that concerns businesses in Jamaica is not being prepared for a cyberattack,” Hayes explained.

“There’s an expectation from customers that the business is fully up to speed and prepared to prevent cyber attacks because of regulatory fines.”

“Criminal attacks are a primary threat, but the reputation of the business is important, and it’s critical to maintain the best position to respond to cyber attack.”

Jamaica’s data protection act legislates fines up to $222,000 (JA$5m) and prison terms of up to ten years for infractions under its laws.

Barbados appointed its Data Protection Commissioner in July 2021.

Trinidad and Tobago’s Parliament recently granted the Government an 18-month extension – over the objections of the Opposition – to prepare amendments to local data protection law. It’s been 12 years since the first laws for data protection were partially proclaimed.

Among the services that Veneto provides for businesses is Data Protection Officer as a Service.

“Some companies obviously have a preference to have an internal officer, but depending on the sector that you’re in, a services company can provide the services of a data protection officer.”

It’s been 12 years since Trinidad and Tobago partially proclaimed its Data Protection Act; the government is currently working toward completion in 18 months.

Veneto’s remote officers monitor compliance within an organisation and provide solutions to enhance privacy rights, train employees, minimise the data that the business collects and implement appropriate security controls across the data sets that the company is using.

When Veneto discusses cybersecurity services, there’s usually some awareness of potential weaknesses and liabilities.

“Clients are already looking to get a solution. They might want a better briefing on the law and what it means for their sector specifically. Whether it’s the banking sector or a retail operator, there will be different data protection risks relating to the data they are handling.”

“They are definitely preparing and not at the wait-and-see stage. They want to make an investment but they don’t want to be oversold.

“I’ve talked to two businesses in the region and they don’t want to be oversold on something that’s going to exceed their needs. They want a critical baseline in good monitoring and detection capability for threats and then have very efficient countermeasures for any sustained attacks, but also they often seek advice for basic business continuity activities like backups and information to be able to keep the business running if they were to suffer a serious attack.”

“You need to make an investment that’s suitable to the proportion of risk that you face. If you’re a medical company and you’re handling very sensitive medical data for hundreds of thousands of patients, you’re going to be a prime target. Here in Ireland, we had a major cyberattack three years ago on the state health care service and they shut down the health service for about two weeks.”

Hayes has found that many businesses overlook affordable, straightforward protections for their networks that are relatively easy to implement.

“On the last project I did, there was a big issue around endpoint encryption. There was no device encryption for laptops and there were a lot of staff working remotely with no protection for the laptop if it got lost or stolen. The data could be easily taken off the drive if the device was taken.”

“We recommended installing very basic endpoint security which didn’t amount to any more than US$15 per license for each machine. But that gave that assurance that information was backed up and the device was secured.”

Illustration by goodstocker/DepositPhotos

“Another client who operates remotely had many of their employees on the road and they weren’t using secure connections. They might be using Wi-Fi in public places or hot-spotting off their phone but never over an encrypted communication channel.”

“So we implemented the rollout of a Virtual Private Network (VPN). Again very basic. End user cost is like US$5 for each user, but these are excellent protection measures that can thwart most local attacks.”

Hayes recommends that the first step for businesses is to map the processes within the organisation.

“If you’re a pharmacy provider, you have retail presence, you’re going to have data collection within the stores, you’re going to be receiving prescription information from doctors. Map each of these processes and be clear which are low-risk and which are high-risk.”

“If you have CCTV in the store, that’s also capturing personal data with images. You need to understand where it’s being stored, who has access to it and how secure it is.”

“Map your organisation’s data processing, make a basic worksheet so you can understand where you are and can explain what you do.”
