Industry Thought Leadership

Data Privacy Importance at stc

March, 2022
Issa Al Suwait
Cyber Security General Manager

stc Kuwait

Data privacy is the concept that governs how sensitive information or data is accessed, handled and stored. Data comes with different levels of criticality, but for organizations the most sensitive will always be the personally identifiable information (PII) of any category (customer, employee, citizen…).

While data protection covers all aspects, data privacy is a subcategory that covers the ethical and legal obligations to control access to PII.

Importance of data privacy
The phrase “data is the new oil”, together with the fact that data is the crown jewels of any business and organization in today’s digital era, makes the protection and privacy of these jewels one of the most critical missions at the organization level. While data is the business for some organizations, it is the source of competitive advantage and the core operational asset for others.

There are many drivers behind the significant importance of data privacy to all organizations.

The main drivers are:

  • Business continuity depends on data security and privacy
  • Business image and reputation
  • Regulations and compliance requirements
  • Organization code of ethics
  • A professional, mature privacy policy gives an edge over the competition
  • Mitigation of the risks involved in data breaches

Why is data privacy critical to telecom operators?
Telecom operators are among the biggest collectors of sensitive information at the country level. Holding the personally identifiable information (PII) of millions of customers, along with the financial information of their payments and transactions, telecom companies are constantly targeted by cybercriminals.

But such attacks are not the only concern for telecom operators when it comes to data privacy. PII and customers’ financial information are also protected under multiple data protection laws and international standards. These range from the local data privacy, protection and classification regulations published by CITRA in Kuwait, as an example, up to the EU General Data Protection Regulation (GDPR). In addition, when it comes to financial information, the Payment Card Industry Data Security Standard (PCI DSS) enforces an additional layer of requirements to implement and comply with.

For all these reasons, data privacy and protection should be a main concern for any telecom operator at all times.

Data privacy at stc
stc, as a leader in the State of Kuwait’s telecom industry, took data privacy a step further through the early adoption of a strict data privacy and protection framework. The framework was developed with consideration for compliance with local, regional and international data protection laws and international standards.

The framework was developed as a top-down model, detailing the core pillars of data privacy and protection from the governance level down to advanced technical-level controls, and everything in between: processes, policies and procedures.

To secure the stc network and its data, the crown jewels of the network, an agile cybersecurity strategy has been developed and adopted to address all data privacy threats. It looks beyond standard and traditional cybersecurity controls and safeguards to a more profound level, such as the adoption of a Zero Trust architecture and a data-centric approach to cybersecurity.

Limiting sensitive data transfer comes first
In the cybersecurity domain, it is well known that the human factor is always the weakest link across the whole chain.

Whether they have been compromised by malicious outsiders or are unintentionally one careless step away from a data leak, insider human threats are a very serious security concern. Telecom operators can limit the impact of such data breaches, intentional or not, by implementing a Data Loss Prevention (DLP) solution with an integrated classification system.

A second layer for detecting and limiting sensitive data transfer and preventing data leakage can be added at the network traffic level by implementing a Network Detection and Response solution and by developing and implementing the required and desired use cases and controls.

In conclusion
Powerful high-speed 5G networks, the Internet of Things (IoT) and artificial intelligence (AI) are significantly transforming the way people work and live, as their daily activities rely more and more on data. Most of this data is transferred across telecom operators’ networks and systems. For this reason, and for all the reasons mentioned above, ensuring the privacy and protection of customers’ PII and all other sensitive data must be part of any telecom operator’s DNA, if it is not already.