From November 16-18, 2022 the United Nations Economic Commission for Latin America and the Caribbean (ECLAC) organized in cooperation with the Government of the Eastern Republic of Uruguay the Eighth Ministerial Conference on the Information Society in Latin America and the Caribbean.
Delegates from the public and private sector, the technical community, civil society, and non-profit organizations, including the Datasphere Initiative, met in Montevideo, Uruguay, to define a set of digital policy priorities in Latin America and the Caribbean.
The Datasphere Initiative participated in a session on data and cybersecurity. The panel discussed how data governance is impacting cybersecurity and the new frameworks and approaches that are emerging across the region. This blog captures key takeaways and shares 5 reasons why data governance is important when tackling cybersecurity:
1. To stimulate digital transformation
“We are not in an era of change, but in a change of era”, was one of the main messages shared at the panel. It is estimated that 175 Zettabytes of data will be generated by 2025 (IDC Data Age 2025). Unlocking the value of all this data equitably is an important factor in stimulating inclusive digital transformation. In this regard, more and more actors consider data governance as key to socioeconomic growth and to stimulate digital transformation. The panelists discussed how governments are focused on developing their national data policies to ensure all this data flows in a secure manner. Actors in Latin America are monitoring the implementation of the European Union (EU) General Data Protection Regulation (GDPR), and how this will interact with the EU’s new data policy under development, the Data Act, consisting of a regulation to establish a harmonized framework for data sharing and the Data Governance Act.
2. To address global challenges
There are 144 measures regulating data localization around the world as of July 2021 (Cory and Dascoli 2021). However, we need data to flow across borders to foster innovation and address global challenges, such as climate change, health, and human rights. In this regard, panelists at the Ministerial discussed how data governance and cybersecurity efforts can support cooperation between countries and enable secure and rights respecting frameworks to facilitate data flows across borders.
3. To create new collaborative data markets
The value of data is maximized when it is flowing and used responsibly, in a rights-respecting manner, and within an environment that generates trust. Dealing with potential misuse of data while preserving its free technical transit requires dedicated trust-building frameworks. Panelists provided examples of new data environments, such as data spaces, that allow for data sharing in a trusted and interoperable manner. These frameworks are being developed in various sectors in Latin America and the Caribbean, including health, climate, mobility, and finance. Cybersecurity is a key element in the development of these new collaborative data markets.
“Data governance and cybersecurity should work hand in hand to ensure data can be accessed, used and shared in a responsible manner for the benefit of all”, said Carolina Rossini, Director of Partnerships and Research, Datasphere Initiative.
4. To promote good practices among different collectives
Cybersecurity based on holistic data governance is crucial to preserve privacy, data protection, trust and generate value. At an organizational level, developing data governance frameworks shouldn’t be solely the role of IT and privacy teams, but it should involve all the actors in an organization.
Speakers pointed to the proliferation of data collectives, such as trusts, illustrating the development of good practices at a community level. Data trusts are legal frameworks where members collaborate to share data in a trusted manner, ensuring the security and privacy of this data. These frameworks are being implemented among health collectives and indigenous communities, to name a few. These good practices can help address cybersecurity challenges.
5. To avoid risks
In May 2022, a massive attack in Costa Rica affected governmental digital platforms, impacting exportations, the payment of taxes, and the health system in the country, among others. This situation threw Costa Rica into a National State of Emergency, causing unprecedented economic losses.
“We extracted important learnings from what happened in Costa Rica. First, it is the importance of governance. Then, the development of trust, and cooperation between countries, and stakeholder groups. And finally, the creation of regulatory frameworks to allow for cooperation and help us to prevent new criminal actions” shared Jorge Mora, Program expert, EU-CYBERNET.
When a data leak happens data loses its value. Speakers provided examples of technologies at our disposal that can avoid cybersecurity breaches. For example, Privacy Enhancing Technologies (PETs) can generate trust, improve privacy, and support cybersecurity best practices. Other technical tools such as homomorphic encryption allows for the use of encrypted data without first decrypting it, preserving its privacy.