As governments hold increasingly vast amounts of citizens’ data, it is not surprising that citizens have high expectations of how their data is collected, used, shared and protected.
According to the World Economic Forum’s Global Risks Perception Survey 2017–2018, data protection issues have become the biggest concern for countries after environmental threats. To realize the economic potential of the digital economy, individual ASEAN governments must not only fully capitalize on the huge amounts of data they hold but also ensure their data governance programs are robust and able to integrate with, and operate across, regional networks.
In 2018, Singapore, as then-ASEAN chair, adopted the ASEAN Framework on Personal Data Protection and ASEAN Framework on Digital Data Governance. That was a starting point for internet governance and privacy regulation in the region. Since then, the National Privacy Commission of the Philippines has agreed to co-lead with the Singapore Personal Data Protection Commission in the development of the ASEAN Framework on Digital Data Governance to strengthen the region’s data ecosystem and cross-border data flow.
The ASEAN Framework on Digital Data Governance recognizes that the level of readiness and development among ASEAN member states varies. It highlights the importance of coordinating policy and regulatory approaches by providing a set of guiding principles to help member states in developing data governance initiatives for their specific digital ecosystems.
What effective data governance looks like
Data governance sets out the policy and guidance for data definition, ownership and stewardship, quality parameters, as well as classification of, and security guidelines for, the organization’s strategic data assets.
At the most basic level, government agencies and organizations need to find common business definitions across departments for critical data elements to avoid discrepancies. A thoughtfully designed data governance framework identifies these data elements, with common definitions assigned and maintained. It is equally important to assign ownership of data elements to appropriate stakeholders for accountability and to avoid conflicts.
A robust data governance program should also cover the entire data life cycle from its creation, interpretation and storage to processing, analysis and archiving. While ad hoc technical data quality checks and monitoring may already be in place in some public agencies, a wider data quality framework involving data owners and stewards is essential. With the transition of governments and businesses to remote working arrangements in light of the COVID-19 pandemic, a strong data governance framework is more important than ever. This is especially so in anticipation of any use of non-standard infrastructures and tools by unknowing employees or suppliers, which can have far-reaching implications that may compromise sensitive data.
Another important strategic priority is considering the cross-border flow of data in the ecosystem when designing for interoperability and integration across various systems — domestically and regionally — with the ability to scale and adapt to evolving circumstances and risks. In the current pandemic situation, the ability to access cross-border and cross-domain data will allow for a more comprehensive analysis and better understanding of the virus, as well as a collective regional response to the outbreak.
An economic differentiator
The current state is such that not all ASEAN member states have instituted comprehensive privacy laws and established data privacy regulators. But what is clear is that all countries have recognized the importance of data governance and taken steps to move the agenda forward. For example, in January this year, the Indonesian government submitted a bill to parliament that seeks to protect consumer data in the digital era. Taking another example, Singapore, in its national Budget announcement in February, has set aside S$1 billion over the next three years to build the government’s cyber and data security capabilities to further safeguard citizens’ data and critical information infrastructure systems.
On the domestic front, the proper governance of data will help to build citizens’ trust. It will also empower nations to use data more securely to enable public agencies and businesses to be more agile, effective and efficient in decision-making, and responsive to citizens’ needs.
Beyond that, the real challenge for ASEAN member states is to develop interoperable data governance systems. This will be vital to strengthening the intra-ASEAN digital economy, as well as the region’s ability to respond to the volatile external environment and meet the data regulatory standards of other major economic partners around the world.