(iv) Data Security and Privacy Protection Capital A is committed to respecting and protecting the privacy of our customers, employees and third parties. We are equally committed to ensuring the confidentiality of information essential to our business. Security of our internal data is assured through our Group Data Governance Policy. To govern the implementation of the policy, we established a Data Governance Committee, which is supported by the Data Security & Privacy Workgroup who meets regularly to provide advisory on data governance and review External Data Disclosure requests. To meet the objectives of this division, we established a data classification framework to identify sensitivity levels of data and types of data indicating their origin and usage. All Allstars are made aware of our data governance processes through annual training coordinated by the Information Security division. As Capital A now operates in a cloud environment, we raised the level of controls for sharing sensitive data in company emails and in document storage. In 2021, we added a data classification requirement on all cloud documents. Default sharing preferences were also changed to the least permissive option and a confirmation prompter added for extraneous sharing. We also scan all emails and documents for unmasked credit card numbers. If detected, the owners are notified of noncompliance for corrective action to be undertaken immediately. Further, to control access to data, a Data Access Approval System was created and integrated with our IT Service Desk platform so as to automate the process to review and approve requests to access data belonging to the Group. This ensures that the applicant secures all levels of approvals before requested data is released. Other than protecting our internal data, it is equally important for us to protect the privacy of our guests. In 2019, we issued our Personal Data Protection Standards Operating Procedures to ensure compliance with the Personal Data Protection Act 2010 of Malaysia. The SOP was updated in April 2021 to cover requirements under the electronic Information Law No. 19 of 2016 of Indonesia, Data Privacy Act 2012 of the Philippines and Personal Data Protection Act 2019 of Thailand. At the same time, we empower our guests to manage their own data. In collaboration with the Customer Happiness and Communications departments, we enhanced FAQ articles available to our guests so that they are able to make corrections and updates. Our Customer Happiness agents were also trained to guide customers on channels to access their editable data. Group Data Governance Committee Data Security & Privacy Workgroup President of AirAsia Digital Chief Information Security Officer Chief Data Scientist InfoSec Data Security & Privacy Data Science Legal Finance Investor Relations Corporate Communications Customer Happiness 1 1 8 C A P I T A L A B E R H A D Economic (cont’d.)
RkJQdWJsaXNoZXIy ODU0MjU5