Today, the 28th of January is World Data Privacy Day. It is a day to raise awareness and promote privacy and data protection best practices. It provides a perfect opportunity to focus on security best practices for protecting personal information and addressing compliance demands as governments and businesses obtain the personal data of users on a daily basis.
It has been 16 years since the first Data Protection Day was first held in 2007 to raise awareness and promote privacy and data protection best practices. For this year’s celebration, I spoke with Hyther Nizam to understand the essence of how technology is helping to enhance workplace privacy. Hyther is the President, of MEA at Zoho Corporation.
I asked if enough has been done to sufficiently bring attention to the subject of data privacy and Africa. He thinks that the rate of awareness among citizens differs from country to country often depending on the level of proactive policies in place.
“In some countries, there are very stringent privacy laws. As a result, the citizens and consumers are privacy conscious. And, in some of the developing countries, the definition of privacy ten years ago has changed drastically today but it may not be as advanced as we have it the developed economies. But, in all, I think that we are better off from where we started”, he explains.
With the rapid rise in digitisation as a result of the COVID-19 pandemic, there has been an accelerated rate of privacy laws adoption and implementation. So far, Ghana, Kenya, Madagascar, Mauritius, Nigeria, Rwanda, South Africa, Togo, Uganda and Zimbabwe have implemented their versions of Data Protection Acts (DPA) to protect and secure the personal information of their citizens.
For instance, in Ghana, data protection is regulated under the Data Protection Act, 2012 (DPA) together with Article 18(2) of the 1992 Constitution. In 2019, Kenya passed Kenya’s Data Protection Act (DPA), which is the primary legislation governing the collection and processing of personal data in Kenya.
In Madagascar, the privacy of data is mainly governed by Law No 2014-038 dated January 9 2015, on personal data protection (Malagasy Data Protection Law). In September 2020, Mauritius signed and ratified the Amending Protocol to the Convention for the Protection of Individuals with regard to the Processing of Personal Data.
And, Nigeria issued the Nigeria Data Protection Regulation 2019 (NDPR) through the National Information Technology Development Agency (NITDA) in January 2019. The following year, NITDA released the NDPR Implementation Framework (NDPRIF) to ensure the effective implementation and enforcement of the NDPR.
Read also: Nigeria Data Protection Bill: What it means for Nigerians
Yet, compared with what is possible, not a lot has been done in Africa. The continent’s model instrument on privacy and data protection, the African Union Convention on Cybersecurity and Personal Data Protection has been signed by just 14 countries and only eight countries had ratified it by June 2020.
Hyther believes that in the absence of prevailing policy regulations, most of the responsibilities of keeping consumers of technology solutions safe become the prerogative of tech companies.
He told me about Zoho’s commitment to keeping users safe.
“I recall that we rolled out of first privacy document at Zoho in 2006. We are committed to the fact that we are not going to own our customer data. We are not going to sell our customer data and we are not going to sell advertisement to our customers. So, when the privacy policies started to roll out years later, it was easy for Zoho to adapt to the policies.”
Similar read: Zoho to open Lagos office in July, announces special business offering
On Workplace Privacy and Zoho Solutions
Workplace privacy includes the various ways of accessing, controlling, and monitoring employees’ information in the work environment.
The increased dependence on the internet in the workplace has created concerns about safety for both employees and employers. Employers have also been known to have access to employees’ information to ensure compliance and avoid liabilities.
Technology enables employers to keep tabs on many aspects of employee workplace activity. The idea is to observe employees’ “digital footprints” and as a result gain insight into employee behaviour. Numerous kinds of monitoring are legal but some may brother on privacy incursion.
Hyther believes that Zoho’s policy on employee monitoring is perhaps the best to adopt. According to him, “if you want to get the best out of your employees, it is best not to monitor them”.
“That is a part of the Zoho culture. We give space to the employees. We allow them to work based on their convenience during the period of the COVID-19 lockdown when people worked from home. Of course, we installed top-notch security apps but it was not our objective to monitor the employees in their daily lives.”
Yet, he explains that while it is important to protect employees and their data without necessarily monitoring them, there is a need to monitor and protect the data of the consumers by putting in place measures that guide how they interact with work data.
“In our case, we had a software installed on all work gadgets- laptops, phone and tablets that prevented our employees from downloading and exporting any of our consumer’s data into their gadgets. Access to customer data was limited to some staff with some level of permission. So, we we able to ensure privacy without necessarily monitoring employees’ activities.”
Going forward…
As we celebrate another Data Privacy Day, it is important to reflect on what the notion of data protection entails and how that affects the lives of people.
Governments need to think about Data Privacy regulations beyond the notion of compliance to actually protect the data and privacy of citizens. It is important to start incentivizing the adoption of best practices for corporate players and end-users alike.
On the other end of the equation, organizations need to adopt security strategies that include regular risk assessments to identify vulnerabilities and threats. They need to adopt top-in-town innovative data encryption solutions to protect users against unauthorized access as well as make adequate incident response and data recovery plans.
So, employee training on security best practices and threat identification as well as ongoing software and system updates to address known vulnerabilities and the latest security patches should be the priority for all.
Implementing these steps will help the government, organizations and individuals to better protect their data and ensure the freedom that all parties deserve.