DISCLAIMER - NIKZAFRI.BLOGSPOT.COM


Today, Knowledge Management today are not limited merely to : (A) 'knowing' or 'reading lots of books/scholarly articles' or (B) data mining, analysis, decision making, preventive actions, or (C) some Human Resources Management issue or (D) some ICT issue. Knowledge Management is about putting your knowledge, skills and competency into practice and most important IT WORKS! For you and your company or your business (Nik Zafri) Can I still offer consultancy or training? Who claims otherwise? Absolutely, I can.

The information comprised in this section is not, nor is it held out to be, a solicitation of any person to take any form of investment decision. The content of the nikzafri.blogspot.com does not constitute advice or a recommendation by nikzafri.blogspot.com and should not be relied upon in making (or refraining from making) any decision relating to investments or any other matter. You should consult your own independent financial adviser and obtain professional advice before exercising any investment decisions or choices based on information featured in this nikzafri.blogspot.com can not be held liable or responsible in any way for any opinions, suggestions, recommendations or comments made by any of the contributors to the various columns on nikzafri.blogspot.com nor do opinions of contributors necessarily reflect those of http://www. nikzafri.blogspot.com

In no event shall nikzafri.blogspot.com be liable for any damages whatsoever, including, without limitation, direct, special, indirect, consequential, or incidental damages, or damages for lost profits, loss of revenue, or loss of use, arising out of or related to the nikzafri.blogspot.com or the information contained in it, whether such damages arise in contract, negligence, tort, under statute, in equity, at law or otherwise.


MY EMPLOYERS AND CLIENTELLES



BIODATA - NIK ZAFRI


 



NIK ZAFRI BIN ABDUL MAJID,
CONSULTANT/TRAINER
Email: nikzafri@yahoo.com, nikzafri@gmail.com
https://nikzafri.wixsite.com/nikzafri

Kelantanese, Alumni of Sultan Ismail College Kelantan (SICA), IT Competency Cert, Certified Written English Professional US. Has participated in many seminars/conferences (local/ international) in the capacity of trainer/lecturer and participant.

Affiliations :- Network Member of Gerson Lehrman Group, Institute of Quality Malaysia, Auditor ISO 9000 IRCAUK, Auditor OHSMS (SIRIM and STS) /EMS ISO 14000 and Construction Quality Assessment System CONQUAS, CIDB (Now BCA) Singapore),

* Possesses almost 30 years of experience/hands-on in the multi-modern management & technical disciplines (systems & methodologies) such as Knowledge Management (Hi-Impact Management/ICT Solutions), Quality (TQM/ISO), Safety Health Environment, Civil & Building (Construction), Manufacturing, Motivation & Team Building, HR, Marketing/Branding, Business Process Reengineering, Economy/Stock Market, Contracts/Project Management, Finance & Banking, etc. He was employed to international bluechips involving in national/international megaprojects such as Balfour Beatty Construction/Knight Piesold & Partners UK, MMI Insurance Group Australia, Hazama Corporation (Hazamagumi) Japan (with Mitsubishi Corporation, JA Jones US, MMCE and Ho-Hup) and Sunway Construction Berhad (The Sunway Group of Companies). Among major projects undertaken : Pergau Hydro Electric Project, KLCC Petronas Twin Towers, LRT Tunnelling, KLIA, Petronas Refineries Melaka, Putrajaya Government Complex, Sistem Lingkaran Lebuhraya Kajang (SILK), Mex Highway, KLIA1, KLIA2 etc. Once serviced SMPD Management Consultants as Associate Consultant cum Lecturer for Diploma in Management, Institute of Supervisory Management UK/SMPD JV. Currently – Associate/Visiting Consultants/Facilitators, Advisors for leading consulting firms (local and international) including project management. To name a few – Noma SWO Consult, Amiosh Resources, Timur West Consultant Sdn. Bhd., TIJ Consultants Group (Malaysia and Singapore) and many others.

* Ex-Resident Weekly Columnist of Utusan Malaysia (1995-1998) and have produced more than 100 articles related to ISO-9000– Management System and Documentation Models, TQM Strategic Management, Occupational Safety and Health (now OHSAS 18000) and Environmental Management Systems ISO 14000. His write-ups/experience has assisted many students/researchers alike in module developments based on competency or academics and completion of many theses. Once commended by the then Chief Secretary to the Government of Malaysia for his diligence in promoting and training the civil services (government sector) based on “Total Quality Management and Quality Management System ISO-9000 in Malaysian Civil Service – Paradigm Shift Scalar for Assessment System”

Among Nik Zafri’s clients : Adabi Consumer Industries Sdn. Bhd, (MRP II, Accounts/Credit Control) The HQ of Royal Customs and Excise Malaysia (ISO 9000), Veterinary Services Dept. Negeri Sembilan (ISO 9000), The Institution of Engineers Malaysia (Aspects of Project Management – KLCC construction), Corporate HQ of RHB (Peter Drucker's MBO/KRA), NEC Semiconductor - Klang Selangor (Productivity Management), Prime Minister’s Department Malaysia (ISO 9000), State Secretarial Office Negeri Sembilan (ISO 9000), Hidrological Department KL (ISO 9000), Asahi Kluang Johor(System Audit, Management/Supervisory Development), Tunku Mahmood (2) Primary School Kluang Johor (ISO 9000), Consortium PANZANA (HSSE 3rd Party Audit), Lecturer for Information Technology Training Centre (ITTC) – Authorised Training Center (ATC) – University of Technology Malaysia (UTM) Kluang Branch Johor, Kluang General Hospital Johor (Management/Supervision Development, Office Technology/Administration, ISO 9000 & Construction Management), Kahang Timur Secondary School Johor (ISO 9000), Sultan Abdul Jalil Secondary School Kluang Johor (Islamic Motivation and Team Building), Guocera Tiles Industries Kluang Johor (EMS ISO 14000), MNE Construction (M) Sdn. Bhd. Kota Tinggi Johor (ISO 9000 – Construction), UITM Shah Alam Selangor (Knowledge Management/Knowledge Based Economy /TQM), Telesystem Electronics/Digico Cable(ODM/OEM for Astro – ISO 9000), Sungai Long Industries Sdn. Bhd. (Bina Puri Group) - ISO 9000 Construction), Secura Security Printing Sdn. Bhd,(ISO 9000 – Security Printing) ROTOL AMS Bumi Sdn. Bhd & ROTOL Architectural Services Sdn. Bhd. (ROTOL Group) – ISO 9000 –Architecture, Bond M & E (KL) Sdn. Bhd. (ISO 9000 – Construction/M & E), Skyline Telco (M) Sdn. Bhd. (Knowledge Management),Technochase Sdn. Bhd JB (ISO 9000 – Construction), Institut Kefahaman Islam Malaysia (IKIM – ISO 9000 & Internal Audit Refresher), Shinryo/Steamline Consortium (Petronas/OGP Power Co-Generation Plant Melaka – Construction Management and Safety, Health, Environment), Hospital Universiti Kebangsaan Malaysia (Negotiation Skills), Association for Retired Intelligence Operatives of Malaysia (Cyber Security – Arpa/NSFUsenet, Cobit, Till, ISO/IEC ISMS 27000 for Law/Enforcement/Military), T.Yamaichi Corp. (M) Sdn. Bhd. (EMS ISO 14000) LSB Manufacturing Solutions Sdn. Bhd., (Lean Scoreboard (including a full development of System-Software-Application - MSC Malaysia & Six Sigma) PJZ Marine Services Sdn. Bhd., (Safety Management Systems and Internal Audit based on International Marine Organization Standards) UNITAR/UNTEC (Degree in Accountacy – Career Path/Roadmap) Cobrain Holdings Sdn. Bhd.(Managing Construction Safety & Health), Speaker for International Finance & Management Strategy (Closed Conference), Pembinaan Jaya Zira Sdn. Bhd. (ISO 9001:2008-Internal Audit for Construction Industry & Overview of version 2015), Straits Consulting Engineers Sdn. Bhd. (Full Integrated Management System – ISO 9000, OHSAS 18000 (ISO 45000) and EMS ISO 14000 for Civil/Structural/Geotechnical Consulting), Malaysia Management & Science University (MSU – (Managing Business in an Organization), Innoseven Sdn. Bhd. (KVMRT Line 1 MSPR8 – Awareness and Internal Audit (Construction), ISO 9001:2008 and 2015 overview for the Construction Industry), Kemakmuran Sdn. Bhd. (KVMRT Line 1 - Signages/Wayfinding - Project Quality Plan and Construction Method Statement ), Lembaga Tabung Haji - Flood ERP, WNA Consultants - DID/JPS -Flood Risk Assessment and Management Plan - Prelim, Conceptual Design, Interim and Final Report etc., Tunnel Fire Safety - Fire Risk Assessment Report - Design Fire Scenario), Safety, Health and Environmental Management Plans leading construction/property companies/corporations in Malaysia, Timur West Consultant : Business Methodology and System, Information Security Management Systems (ISMS) ISO/IEC 27001:2013 for Majlis Bandaraya Petaling Jaya ISMS/Audit/Risk/ITP Technical Team, MPDT Capital Berhad - ISO 9001: 2015 - Consultancy, Construction, Project Rehabilitation, Desalination (first one in Malaysia to receive certification on trades such as Reverse Osmosis Seawater Desalination and Project Recovery/Rehabilitation)

* Has appeared for 10 consecutive series in “Good Morning Malaysia RTM TV1’ Corporate Talk Segment discussing on ISO 9000/14000 in various industries. For ICT, his inputs garnered from his expertise have successfully led to development of work-process e-enabling systems in the environments of intranet, portal and interactive web design especially for the construction and manufacturing. Some of the end products have won various competitions of innovativeness, quality, continual-improvements and construction industry award at national level. He has also in advisory capacity – involved in development and moderation of websites, portals and e-profiles for mainly corporate and private sectors, public figures etc. He is also one of the recipients for MOSTE Innovation for RFID use in Electronic Toll Collection in Malaysia.

Note :


TO SEE ALL ARTICLES

ON THE"LABEL" SECTION BELOW (RIGHT SIDE COLUMN), YOU CAN CLICK ON ANY TAG - TO READ ALL ARTICLES ACCORDING TO ITS CATEGORY (E.G. LABEL : CONSTRUCTION) OR GO TO THE VERY END OF THIS BLOG AND CLICK "Older Posts"


 

Showing posts with label DATA PRIVACY. Show all posts
Showing posts with label DATA PRIVACY. Show all posts

Friday, December 01, 2023

DATA PRIVACY, IS IT REALLY SAFE? - NIK ZAFRI



Data Privacy must be the most important topic for the day.

Organization should have a clear policy outlining how they collect, use, store and protect personal information of individual.  Policy; in this context; must be deemed as a legal statement not simply a written policy pasted on the wall. It must be something that inform users about their rights regarding their personal data.

Data Privacy should take into account :

a) Information collected - details on types of data collected from users/customers - such as names, email, addresses, phone numbers, addresses, even birthdays etc. As such any typical CRM system that collects such data MUST BE protected at the front office level or quality assurance level or public relation level (do not overlap one another)

Three examples :

i) if birthdays are revealed to third parties, it may pave to way to corruption. Or;

ii) like what's happening today; phone numbers are being collected by scammers and conners. There are rumours that these information are being sold internally to 3rd parties - what is the top management action on this issue?

iii) How secure is the protection of the collection system? How good is the firewall or other anti-hacking facilities?

b) Purpose of Data Collection - There should be jsutifications of why the data is being collected especially when being asked by users/customers. This can range from processing orders to improving services or marketing purposes.

c) How will the Data be Used - Information on how the collected data will be utilized by the organization.

d) Data Sharing - Disclosure about whether the organization shares user data with third parties and the reasons for doing so.

e) User Rights - Explanation of users' rights regarding their data, such as the right to access, rectify, or delete their information.

f) Data Security Measure - Details about the security measures in place to protect the collected data from unauthorized access or breaches.

g) Contact Information - Information on how users can contact the organization regarding their data privacy concerns or requests.

h) If there is a breach, exposure, or hacking of the collected data, will there be a specific investigation or special enquiry? What penalties might the organization face if found responsible for such a breach?

(Are our strategies for witness protection, anti-corruption, and governance/transparency proving effective?)

Data Privacy Policies are important for transparency and compliance with data protection laws (such as GDPR in Europe or CCPA in California). They help users understand how their personal information is handled and provide them with a level of assurance about its protection.

Monday, November 27, 2023

CONCERNS ON THE NATIONAL DATA SHARING POLICY




The National Data Sharing Policy may raise several concerns related to privacy, security, and ethical implications. These issues need to be adequately addressed to ensure cooperation and participation from all parties. Among the 7 most significant issues that I've identified are :

1) Privacy Risks - Sharing national data can compromise individual privacy if not handled securely. Sensitive information might be exposed, leading to potential misuse or unauthorized access.

Implementing data sharing is like opening the floodgates to a wide range of potential threats, such as hacking or malware. The more people who have access to the data, the more opportunities there are for unauthorized parties to access it. (Castordoc)

2) Security Breaches - Data sharing introduces the risk of security breaches. If not adequately protected, shared data can fall into the wrong hands, leading to identity theft, fraud, or other malicious activities.

These are all common types of security breach or incidents. For example, a lost laptop, mobile phone, or external hard drive that is unlocked can easily direct to data being stolen if it ends up in the wrong hands. Also, a locked device could be hacked into by a sophisticated attacker (Knowledge Hut)

3) Ethical Considerations - There are ethical dilemmas regarding consent, transparency, and the fair use of shared data. Ensuring data is used responsibly and ethically can be challenging.

Data protection is an ethical issue. It involves respect for individuals and their rights regarding privacy and the use of information about them. External funders, particularly the EU, are seeking increasing levels of assurance with regard to data protection and ethics. (University of Edinburg)

4) Data Accuracy and Quality - Shared data might not always be accurate or up-to-date. This can lead to decisions based on flawed information, impacting policy-making and public services.

There are six main dimensions of data quality: accuracy, completeness, consistency, validity, uniqueness, and timeliness. (Heavy AI)

5) Regulatory Compliance - Complying with various regional or international data protection regulations adds complexity. Different jurisdictions might have conflicting requirements, making it challenging to streamline data sharing processes.

Regulatory data protection (RDP) is an intellectual property right available for a limited duration which protects an innovator's proprietary safety and efficacy data for its innovative product (Merck)

6) Data Monetization and Control - There's a concern about how shared data might be monetized or used for commercial purposes without proper consent or benefit sharing for the individuals whose data is being shared.

With data monetization, personal information is often collected without explicit permission from users. This raises ethical questions about who owns the data and whether individuals have control over how it is used. Another drawback is the risk of data breaches or misuse (The Cable)

7) Public Trust and Perception - Mishandling of data can erode public trust in government institutions or organizations responsible for data sharing, leading to reluctance in participating in future data-sharing initiatives.

Findings suggested that public's trust may not meet the needs of of the policy. There is a majority of the public having lack of trust on the organizations having information and share it on multiple platforms. This requires a new module to gain public trust via knowledge, attitudes, and beliefs to inform policies and practices for data sharing.

Addressing the abovementioned concerns requires robust data protection frameworks, strong encryption, clear policies for consent and usage, regular audits, and a commitment to transparency to maintain trust and safeguard individual rights.