The growing number of cybercrimes, as an inevitable byproduct of digital transformation, is putting enterprises on high alert.
With people’s personal data being collected and processed by countless organisations, public expectation is high for this data to be under lock and key.
This is where the concept of digital trust comes into play, encouraging businesses to step up their policies concerning the use of people’s data, or risk losing the support of their stakeholders in a heartbeat.
To explore digital trust in more detail, Frontier Enterprise interviewed David Alfred, the Co-Head of SGTech’s Policy and Research Workgroup, Digital Trust Committee. Alfred also serves as the Director and Co-Head of the Data Protection, Privacy & Cybersecurity Practice at Drew & Napier LLC.
How would you define digital trust?
In October 2022, SGTech, a trade association for Singapore’s tech industry, published a whitepaper on digital trust. The whitepaper defines digital trust as the confidence of participants in the digital ecosystem that they can interact in a secure, safe, and frictionless manner.
To achieve this, organisations providing information, products, or services within the digital ecosystem must implement measures, through their people, processes, and technology, to ensure appropriate cybersecurity, privacy, accountability, governance, ethical treatment, and transparency with respect to the data and information they process and use. This includes complying with laws that regulate data protection, data governance, cybersecurity, and online information, among others.
What specific challenges do organisations face that digital trust aims to address? How can it do so?
A key challenge in digital trust is the skills gap. While the fundamental domains underlying digital trust, such as data protection, data governance, and cybersecurity, have existed for many years, it is increasingly the interaction among these and other areas that determine whether an organisation is trusted to obtain, hold, and process data.
Another challenge is that advancements in technology, along with several other factors, are raising expectations that organisations will consider the interests and needs of their customers and other stakeholders. While technology has contributed to the fast-changing environment facing organisations, it has also improved their ability to innovate and provide products and services that meet the expectations of their customers.
Digital trust thus requires organisations to navigate the digital environment in a manner that achieves several potentially contradictory objectives, such as privacy and accessibility or security and availability. This, in turn, requires professionals well-versed in multiple domains, which are presently often treated as separate domains administered by different teams within an organisation. Management buy-in is key in unlocking an organisation’s ability to achieve digital trust. An organisation’s senior management has a significant role in setting the tone, developing organisational culture as a trusted organisation and equipping the organisation’s staff with the skills and resources needed.
What are the emerging trends in digital trust at the global level, as well as in the Asia-Pacific region, and Singapore specifically?
Digital trust has been gaining prominence in recent months as a multifaceted domain requiring the attention of lawmakers, policymakers, civil society, organisations, and individuals. While the security-related aspects of digital trust have been previously recognised, data protection and data governance are gaining prominence as key facilitators of digital trust. “Trust technologies,” such as privacy enhancing technologies; distributed ledger technologies; digital ID; and governance, risk, and compliance software, are emerging and set to boom. In Singapore, the Infocomm Media Development Authority and Nanyang Technological University established a national digital trust centre to embark on “Trust Tech” research and innovations and capability development.
Based on SGTech’s research, Singapore has the potential to grow our digital trust sector from SG$1.7 billion, currently employing around 15,000 professionals, to SG$4.8 billion by 2027, creating 30,000 new, high-quality jobs. SGTech will also collaborate with the Asian-Oceanian Computing Industry Organisation to establish a virtual centre of excellence for digital trust, aimed at leading research and sharing best practices across the 21 Asia-Pacific economies under the Asia-Pacific Economic Cooperation forum.
SGTech has signed a memorandum of agreement with digitalswitzerland and the Swiss Digital Initiative to collaborate and actively contribute to the promotion of a secure and ethical digital world. They aim to achieve this by promoting the Digital Trust Label in Europe and Asia, which is a first step towards a global movement for digital trust. These and other digital trust initiatives are expected to lead to further advancements in technology, business processes, and the capabilities of organisations.
On the legal front, organisations operating globally today already face a complex legal and regulatory environment with laws regulating different aspects of digital trust to differing degrees in many countries. Many countries are enacting new laws or updating existing ones to include new requirements, particularly concerning data protection and cybersecurity. Singapore, for example, enacted its Personal Data Protection Act in 2012 and amended it in 2020/2021 with additional requirements relating to data breach notification and cross-border transfers and heavier financial penalties for contraventions, amongst other changes.
Looking forward and taking into account new legislative proposals in the European Union and the United States, new areas for regulation in Singapore and the region may include requirements relating to artificial intelligence and data governance.
What were some of the primary obstacles and challenges that you have encountered in implementing digital trust initiatives, and how have you addressed them?
Digital trust presents organisations with new opportunities but requires commitment and an openness to change. The obstacles I have encountered often relate to two areas. First is how an initiative is regarded within an organisation, particularly by its management.
The second area is how an initiative will impact existing organisational processes and staff. For many of these, clear communication at the start and key stages of a project helps bring management and staff on board. It is also important to articulate the value of an initiative, whether it is in terms of how the organisation regards and treats its customers, staff development, enhanced efficiencies or other metrics.
Which technologies are essential for building and maintaining digital trust within organisations and industries, and how can they be effectively utilised?
Technology affects several foundational domains of digital trust. It may be divided into:
- Compliance technology (for example, which aids organisations in monitoring and documenting compliance with legal and regulatory requirements).
- Privacy-enhancing technologies (PETs).
- Cybersecurity technology (for example, technology that aids in threat detection and response).
PETs offer significant potential for organisations to utilise and derive value from their data assets while meeting legal requirements. This is a fast-developing area, and organisations should keep abreast of developments that may have an impact on their data processing activities or provide a new means for them to analyse, share and obtain insights from their data. Relating this to my earlier response, organisations should equip their staff with the appropriate skills in this and other relevant areas.