Debbie Reynolds “The Data Diva” talks to Sanjeev Gathani, Lead Facilitator & Group Compliance Better Business Governance - APAC PTE. LTD and RV Group (S) Pte Ltd, Governance, Risk and Compliance Professional, Singapore. We discuss Gathani's expertise in privacy and the current state of privacy discussions in the Asia-Pacific region. The conversation also touched on the recent privacy developments in Asia, including government retention of data and criminal penalties for privacy violations. Additionally, we talk about the growing focus on data localization in Asia and how it is seen as a way to increase security and economic benefits. The importance of considering each individual and organization's unique needs and challenges when it comes to privacy and AI was also highlighted. Gathani shares his thoughts on how AI can offer both benefits and potential harm and his hopes for the future of Data Privacy.
Debbie Reynolds “The Data Diva” talks to Sanjeev Gathani, Lead Facilitator & Group Compliance Better Business Governance - APAC PTE. LTD and RV Group (S) Pte Ltd, Governance, Risk and Compliance Professional, Singapore. We discuss Gathani's expertise in privacy and the current state of privacy discussions in the Asia-Pacific region. The conversation also touched on the recent privacy developments in Asia, including government retention of data and criminal penalties for privacy violations. Additionally, we talk about the growing focus on data localization in Asia and how it is seen as a way to increase security and economic benefits. The importance of considering each individual and organization's unique needs and challenges when it comes to privacy and AI was also highlighted. Gathani shares his thoughts on how AI can offer both benefits and potential harm and his hopes for the future of Data Privacy.
29:15
SUMMARY KEYWORDS
data, privacy, asia, debbie, people, singapore, ai, world, talking, thoughts, government, country, forgotten, happening, sanjeev, cardiologist, laws, issue, jobs, collected
SPEAKERS
Sanjeev Gathani, Debbie Reynolds
Debbie Reynolds 00:00
Personal views and opinions expressed by our podcast guests are their own and are not legal advice or official statements by their organizations. Hello, my name is Debbie Reynolds. They call me "The Data Diva". This is "The Data Diva" Talks Privacy podcast, where we discuss Data Privacy issues with industry leaders around the world with information that businesses need to know now. I have a special guest on the show today, all the way from Singapore. Sanjeev Gathani. He is the lead facilitator, group compliance, and HR officer of Better Business Governance APAC PTE, Ltd, and RV Group. Welcome, welcome.
Sanjeev Gathani 00:49
Welcome. Thank you, Debbie.
Debbie Reynolds 00:51
Well, this is truly exciting. You and I have been talking probably well over a year trying to get a session together. I was really fascinated by your work. We've had great chats and conversations and emails. And, you know, I feel like the markets for privacy in APEC nations or countries or regions is underrepresented when we talk about privacy, because a lot of privacy talk is around what's happening in Europe and US. And obviously, there's more to the world than European and the US. So I think you have such a unique perspective with the work that you're doing is really fascinating. And so I want to get your thoughts about how did you come to privacy, what has been your career trajectory and what started your interest in privacy?
Sanjeev Gathani 01:52
Okay, so thanks for the question. Again, thanks for having me. So my journey in privacy began about seven years ago. Right? So by profession, I'm a forensic accountant and an internal auditor, so I had no clue about privacy, except for the spelling of privacy. Okay. And when I started my journey in privacy, I was working for a US company, which I can name, it's called Goodyear, Singapore tires. And being a US company, they had a privacy policy; they ticked all the boxes. But I had no idea that there is a privacy policy because it was kept in a place where God only knew where it was kept. But that's what it is. Then I started reading up about privacy. And one of my friends told me that, why don't you try to go into space? I said, What is privacy? And he said. It's private. I said, Yes, I know, privacy is private, but what is private? So then he explained to me that privacy is all about protecting your personal data. Then I asked him, What is personal data? Then he said, think of it as identity theft; then I understood because, being a Certified Fraud Examiner from the US, I then understood what he was talking about and how people play with your data, create another identity and mess up your own life. So that's when I started my journey. And then I never looked back. You know, I took my exams in privacy, got myself certified in various countries. And to date, I'm still studying privacy.
Debbie Reynolds 03:50
It's fascinating. So I know you have certifications in Asia, Canada, and different regions. And so, I guess I'm a nerd, and a geek because I love to read about privacy and find out how it's different in different countries or regions. So there's a ton happening in privacy right now. And definitely in Singapore and Indonesia, Malaysia, you know, so I want your perspective especially for people who are not in Asia. Give me your perspective about what's happening in Asia that maybe people don't know or understand or need to know.
Sanjeev Gathani 04:38
Okay, it's a great question. Debbie, I mean, in Asia, I think people need to understand there is a fundamental difference in Asia privacy laws versus that of Europe or the US, right? So if you take Europe, for example, you have the right to be forgotten. Right in Asia, there is no such thing. Okay, let's be very candid about it; a spade is a spade. Secondly, in Europe and in US, you know, you have got this thing called freedom of speech freedom of rights, where you as an individual or data subject can question the government. Right? In Asia, we do not have such things because the governments are regulated by other legislation. Right, my case in point here would be during the COVID-19 pandemic, where the whole world was in a hoo-ha, right, and the government used to collect data on people's movement for contact tracing, right? And that was the pretext under which data was collected. Now, how this data was collected, how it is going to be used, and how it is going to be then started and eventually disposed of became a very hot topic in Asia, in Parliament? And subsequently, the answer that came out is national security. Right? You ain't got nothing to say. And the bill was passed. And hallelujah, we went through with COVID. Right. But it's very interesting that you know, they collected all the data, including my data, right, which is now with the government that tells you on this stage, this time, sound different, blah, blah, blah, blah, blah, blah. Right. And it is made such that you couldn't not have it, because if you decide not to use your handphone, or the Bluetooth, right, you can't enter a building. Right? You didn't use your token, you can enter. Now, if you can enter the what do you do? So there was a clear demarcation made? Right? Either you use it, or you enter into either you're vaccinated, you can enter if you're not vaccinated, you cannot enter. So clearly, all this data is somewhere. Right. And it used to give people or marketers a lot of information. So whether it has been abused or misused? I don't know. But there is definitely a big concern among many people that what has happened to all this data. Right, because there is a whole lot of data out there.
Debbie Reynolds 07:41
That's true. That's true. I didn't think about that. Right. So I think, you know, this issue is happening all over the world as well, around kind of that data collection, because I think what COVID did was it sort of broke the barrier, where before, you know, your medical records or things are going on with you are more private, that we're in a more medical space. But then, because it was kind of an international emergency, a lot of that stuff spilled over into the government space. And as you say, it isn't clear. You know, we know that once governments get data, they don't want to get rid of it. So Lord knows what they're going to do with it after this.
Sanjeev Gathani 08:25
I think you raise a very good point, Debbie, in that, if I'm not wrong in Canada, they had a huge outcry on this, right? And they did not allow the government to collect the data. Right? Well, in Asia, in most streets, you will find cameras where your image is captured. And there is a debate going on now in Asia, to what extent can you use the images? And this was done in Singapore Parliament as well. I think the minister was questioned that, how do you use all these images? And for what purposes is the police or law enforcement going to use it? Right, it raises a whole string of questions. Right, if you, Debbie came to Asia and your image has been captured, now, do you have any say because you are entering a different country? You are an American citizen? Based on what I understand about privacy law, you will need to be afforded the same level of protection that you get in your country, whichever is higher. So, in this case, what are you going to do, Debbie? Are you not going to move? Because the moment you land at the airport, there are cameras. So it's going to be fascinating and today, I think you know the travel has opened up, everything is automated. Have you got robots talking to you and taking your pictures? Where is everything going? And where is it being stored? This is the cloud.
Debbie Reynolds 10:11
Everything is in the cloud. So I want your thoughts about this. So one thing that I'm noticing is a trend that's been happening in Asia, and I definitely want your thoughts about this. So what I'm seeing in Asia, even in Australia, like Australia, India, different places, are seeing laws or regulations being passed, where they're creating criminal penalties for Data Privacy, people or technology people, like if they run afoul of a data protection law. So this hasn't reached that state in the US or Europe yet, but I do see that trend, definitely in Asia. So tell me a little bit about that.
Sanjeev Gathani 11:08
Okay, so it's another great question. In Asia, in Malaysia, it's a criminal offense. And I believe that even in other countries, other parts of Asia, it's criminal, but because they are facing other issues, right? Nobody has gone behind, per se. Right, so if you look at Singapore privacy laws previously, the fine was capped at 1 million. And now it has changed. Now the fine is going just like in GDPR, on your turnover, of whichever is higher. Right, then they talked about when you need to notify the regulators when there is a breach. So again, that has changed. Before in Singapore, it was x. Now, they say that 500 records or if material information about the data subject has been compromised. So if it's your national identity number or your passport number that will be compromised, then it doesn't matter whether it's one record or 500 records. And then they talked about data portability, right? Because what they've realized now in Asia is that a lot of data gets transported through laptops, to pendrive, to God knows, whatever other devices that you have, right, and then you move it from one country to another. And you could potentially be taking data of data subjects of citizens of the EU, or even the US for that matter. And going to a country where there is absolutely zero laws on privacy.
Debbie Reynolds 13:10
Yeah, that's fascinating. So you know, actually, when you say that, it leads me to another thing about a job that I think is really interesting, and you kind of touched on it a bit. So also, one thing that I'm noticing in Asia and APEC countries is that there seems to be a lot more focus on data localization. So, you know, trying to keep the data where it is. And so part of that, I don't know, I want your opinion on this. So I think it's two big reasons I see this happening, and I'd love your perspective on it. So my thought is that one reason is the idea that if the data is not taken out of the country or out of a certain region, it protects it better because then the data which is in that region is subject to the laws in that region. But then also what I'm seeing as a feature, I think, of data localization is around economics. So I feel like some of these laws are like, we want, for example, someone in Singapore or someone in India, to have that job, right, as opposed to maybe someone in a different country. So trying to bring more of the economics back to the region where people who are local to that region, like have those those particular jobs, I don't know what are your thoughts about that?
Sanjeev Gathani 14:45
So that's a very interesting question again, Debbie. I mean, that was what yesterday, I was discussing with my friend who, like I mentioned to you, is a member of this Asia GPO Association, right? Now, they are trying very hard to do data localization, just like in China. And I think that's where the US has a problem with China. Right? Because who has ultimate jurisdiction over the data? Right? Because ultimately, when you put it in the cloud, where is the cloud? The cloud is up there somewhere. So it becomes a big problem. And you're right. Part of it is to do with economics. Because I want the jobs to be secured in my nation today. I think there are a lot of people who are unemployed. There are a lot of people who are in an economy where it's a totally different economy than what I and potentially what you have seen, right? The jobs of the future. I don't think they are here yet. Right? The jobs of the future are basically your gig economy, right? of people that are going to be totally borderless, where data is going to be borderless, where you know, at the speed of light, you're going to move data from A to B, right? Because you are not going to have it any other way. Because the world has really learned after COVID 10 days, impossible is nothing. Right? We all thought that we would have perished. It will be the end of mankind. But COVID has taught us the other way, you know, how to live with technology. Now, whether it's right or wrong, I don't know. Because today, I don't know about the US. But in Asia or in Singapore, you can literally open a bank account sitting at home. You don't have to go to the bank. And even now you go to the bank, you're talking to a robot. The robot is telling you to do step a, step b, step b, and here is your ATM card; take it and buzz off, right? It's easy, it's tough because then the question comes about privacy, you know, because you are releasing certain information to a machine, the machine is communicating to somewhere, somebody that is being stored somewhere somehow how it is being stored, used. It's going to raise a whole bunch of other questions.
Debbie Reynolds 17:30
Now, that makes me think about AI and privacy, right? You know, we now have these algorithms that are being created. So a lot of jurisdictions around the world are honing in on AI because they want it to be more transparency there. We know that AI's can be very biased and narrow and how they define things. And then we also know, like people like me, I don't necessarily fit in a box, right? So it's hard to have systems that, for example, are made or developed for different for other people, and then try to push it on everybody when it doesn't quite fit. So I think a lot of the privacy issues around AI regard, you know, trying to figure out what AI is doing, and then trying to figure out what decisions are being made about people, especially in a way that can harm them. So tell me your thoughts about AI and privacy, the challenge there.
Sanjeev Gathani 18:41
I mean, it is one of the areas where I do not have much knowledge, but what I have seen is that, you know, AI is going to take over in many areas, right? Because I personally have got my own medical issues. And you know, somehow somewhere that be and I'm not kidding you, me, I get emails, I get messages pushed to me saying that I need this sort of medication, or I need this sort of treatment. Now my question then comes how did these people get the data? Obviously, they got the data from the hospitals that I visited, from the treatment that are undertaken by the doctors, the cardiologist, the dietician that I visited, right, somewhere their algorithms, right, where they asked me to visit certain websites, and then I visit for some reason or the other the cookies would pick up certain things, and God knows what they pick up and then I get all these meals. So I think it is the way of the future. It can be used as a boon and a bane. It just depends on how you're using it, but I don't think it is there to go, I think it is there to stay. And with the developments of medical science, I think this thing is a huge, huge game changer. Because today, my cardiologist, while I'm talking to you here, he can basically be monitoring me sitting in the US. And he just needs the data. And when the data is there, right, he will know what to do because it happened to me when I was in India, and I had a medical emergency. Because my data was available. The surgeon in India knew what to do. Had he not gotten the data. I won't be talking to you today when I would be in a box.
Debbie Reynolds 20:53
Right. Right. That's amazing. So thank you for that. Thank you for that perspective; I think AI and things like that are a double-edged sword, right? So I think when these technologies are used, in my view, to help people, they are doing their best, right? So AI can do things that humans can't do, right? Can do maybe things like, you know, volume, or do things at a different speed, that definitely helps people. But I think also, you know, we also have to look at the downsides, we have to make sure that we're also not harming people in the process. So, you know, I think this also goes back to your point about kind of data retention, like having data store, so like the COVID example you gave us perfectly. Okay, so we have this huge global issue with COVID. Things were very bad for a number of years. These are improving or, and then, you know, there really isn't any clear line of demarcation, as you say, for you know, so when this issue has expired, will that data still be kept? Right, or should they be kept? So I think, you know, that issue will still continue, especially as we know, the way people make data systems, their systems are made to remember data and not to forget data. So I think so.
Sanjeev Gathani 22:36
Yeah. Sorry to interject that very, but you raise a very good point. So I just wanted to add on this, when they talk about data anonymization. Right. So the surgeon that did my operation was before in prior in government practice, then he moved to private. Now, many might say that he would not have taken the data with him. It is right. But in his mind, right Debbie, he can basically map out right saying that okay, Sanjeev Gathani this problem, blah, blah, blah, put in an Excel sheet. It's data. Right after that, there is a follow-up. So I'm still with him. Right, though he has left public practice to go into private. Now, the question that you raise is, how long do you keep the data? After how many years? Based on again, I'm not sure in the US, but the statute of limitation year is seven years. Right? After seven years. What do you do? Do you discard it? Do you keep it? Do you still, as a patient, have the right to sue the doctor? It's seven years post-operation? I mean, nothing is guaranteed in a lifetime. Right? Yeah. But again, there is data. Correct? And then where does that doctor then share it with other people? I'm sure they know how to play the game and anonymize it in such a way where then, you know, you get the information that you need.
Debbie Reynolds 24:09
That's right. That's right. But you're absolutely right.
Sanjeev Gathani 24:13
It's a boon and a bane. I mean, I had friends whose identity was recreated for bad purposes. Right for two years, they suffered in the US because of your credit rating. They couldn't get anything. Right. You're not I think that the battle is in our hands, how we use the data. And, you know, I think it's going to be a never ending debate.
Debbie Reynolds 24:41
I agree. So if it were the world according to Sanjeev and we did everything you said, what would be your wish for privacy anywhere in the world? So in Singapore anywhere, whether it be law or technology, human nature stuff, what are your thoughts?
Sanjeev Gathani 25:01
I mean, my wish would be, you know where it will be a very ideally idealistic answer, but where the data subject has control over his or her life? Because it's very interesting, right? If you committed a crime in Asia, I don't think your record get expunged in any way. Right? It is stuff. I mean, you could have made a mistake. No, that'd be when you were 17. I mean, at 17, I hardly even knew the ABCD of life. Right? You made a mistake. And then now I'm 51. Now, are you going to penalize me for something that I did when I was 17?
Debbie Reynolds 25:45
Right.
Sanjeev Gathani 25:48
But it is what it is, and it's not going to go. And because of that bad record, I potentially can’t move on in my life. But that's what it is. It is can you be forgotten. Like they say, the right to be forgotten, right? It's very interesting that you have that in Europe. And, you know, you write let's say to Facebook, and remove your data, right, you didn't really remove your data.
Debbie Reynolds 26:20
Right, right. Yeah. Right. And, you know, actually it's interesting. So I know that the UK has a thing where like, say, for instance, someone has committed a crime and they go to prison or something of certain offenses, they can be forgotten. So it's considered that once they pay their dues, quote, unquote, to society, in certain crimes, they can be, you know, forgotten, and it gets expunged. But that's not the way things are. In most places, it's like those trees follow you like for the rest of your life, right?
Sanjeev Gathani 26:58
Yeah. I mean, it's like if you commit a criminal breach of trust, right, and then you say, you, Debbie, want to become a director. Now, right? How can I make you a director when you have done CBT? Right, or if you're a rapist? Now, if I let you loose? God, you're going to do what else? I don't know. Right? Yeah. I'm not saying they don't deserve a second chance. But it is like you said a Catch-22? Because right, then you draw that line between the right to be forgotten and the right not to be forgotten. That's right because today, I mean, I don't have a Facebook account. I can tell you, Debbie, every other day, I receive an email from Facebook saying that this is your passcode to your account to unlock it.
Debbie Reynolds 27:43
Right.
Sanjeev Gathani 27:44
Wondering where did facebook get my information, contact your Mark Zuckerberg, don't ask him.
Debbie Reynolds 27:57
Oh, my goodness. Oh, my goodness. Well, thank you so much. This has been really enlightening. I'm excited for us to be able to do some collaboration together because I think there needs to be more exposure about what's happening in Singapore and all these different countries. And then also there needs to be more collaboration around the world, because even though we're in different locations, we're all human, and we're all dealing with the same issue. So I think that that type of conversation is very important. Excellent. Well, thank you so much. I really appreciate it. This is going to be a great episode. I know people will like it as much as I do. Okay, bye-bye.
Sanjeev Gathani 28:36
Thank you, Debbie.