How Telcos Can Ensure Cybersecurity & Data Privacy in the AI age

Irish Salandanan serves as Chairperson of the Globe Group Privacy and Security Council and Vice President, Chief Privacy Officer at Globe Telecom. A recognized privacy leader, she holds key roles with the IAPP and has received multiple nominations from the National Privacy Commission for excellence in data protection.

In an insightful conversation with Global Woman Leader Magazine, Irish discusses strategies to ensure cybersecurity, data privacy and fraud prevention in the AI-era. She talks about the need to balance agility with ethical governance and key risk indicators monitored as Globe Telecom, Philippines. She suggests that it’s important to go beyond compliance checklists to build future-proof and resilient security frameworks.

With rapid AI integration across telecom, how are organizations balancing agility with ethical governance, especially when regulatory frameworks globally lag behind technological advancements?

At Globe, we believe that responsible AI is a commitment to doing what’s right. As the first telco in the Philippines to adopt the GSMA’s Responsible AI (RAI) Maturity Roadmap, we ensure that AI use and development across Globe aligns with the ethical standards of transparency, fairness, and accountability. This alignment with global best practices enables Globe to navigate rapid technological advancements with integrity, even as legal and regulatory landscapes evolve. This commitment underscores Globe’s dedication to using tech for good.

As data privacy concerns intensify post major global breaches, what unconventional risk indicators do you monitor that traditional frameworks often overlook in telco environments?

Traditional risk frameworks often overlook the nuanced ways that threats are exploited in real-world scenarios. Beyond standard risk assessments, Globe also monitors indicators such as the proliferation of spoofed messages and the use of illegal devices like International Mobile Subscriber Identity (IMSI) catchers or fake base stations. These tools can mimic legitimate sender IDs, posing a significant threat to data privacy by leading customers to believe scam messages come from legitimate sources and deceiving them into providing financial account information.

To address this, we have removed links from our official Globe broadcasts or SMS blasts so customers can easily discern between legitimate Globe messages and spoofed ones sent via IMSI catchers. Globe is also the only telco in the Philippines, and likely the world, that blocks all person-to-person or P2P messages with links. If a message contains a clickable link, it won’t be delivered.  Lastly, we have a public-facing Stop Spam portal that allows our customers to report scam messages easily. Every report triggers an investigation by our Security Operations Center (SOC) who then block messages and deactivate numbers confirmed to be linked to scam activities.

In a time where AI models are increasingly opaque, how should telecom leaders rethink algorithmic accountability and explain ability beyond compliance checklists?

To demonstrate our commitment to responsible AI, Globe incorporates human oversight in all our AI initiatives. We believe that the successful implementation of our AI strategy requires the creation of an environment where it’s safe for teams to innovate.

In fact, Globe has appointed a Chief AI Officer (CAIO) who also serves as the Chief Information Security Officer (CISO), highlighting the importance of cybersecurity and data privacy in our AI strategy. This leadership structure ensures that AI systems are transparent, fair, and aligned with ethical standards. By fostering a culture of responsible AI use, Globe builds trust with our customers and stakeholders, setting the standard for algorithmic accountability in the telecom industry.

Given rising digital sovereignty debates, how can telecom providers structure cross-border data flow policies?

Globe participates in the GSMA Open Gateway initiative. This global framework provides standardized APIs that facilitate secure and efficient data exchange across networks and borders. By adopting these standards, Globe ensures interoperability while maintaining compliance with varying international regulations. This approach enables us to innovate rapidly without compromising data resilience or regulatory compliance, positioning Globe as a leader in balancing digital sovereignty with technological advancement.

As real-time AI-driven decisioning becomes standard, how can telecom companies embed privacy-preserving mechanisms that are not just reactive but anticipatory by design?

Globe incorporates privacy and security-by-design principles into our AI initiatives to protect and secure personal data. Before any new product or system is launched, it undergoes our comprehensive Privacy and Security Risk Assessment (PSRA). We’ve also begun adopting an engineering mindset, shifting privacy and security controls to the left and embedding these considerations from the outset – as early as ideation.

Further, all of Globe’s anticipate potential privacy and security issues in our AI systems and proactively recommend the appropriate AI initiatives are overseen by our CAIO who also serves as our CISO, emphasizing the importance of privacy and security governance in AI use and development. This allows Globe to controls to address them before they impact customers and stakeholders.

With emerging threats like synthetic identity fraud and deepfakes, how can policy offices future-proof security frameworks?

At Globe, we take a proactive and multi-layered approach to fraud prevention. We started by strengthening our collaboration with the government and the private sector. In an industry first, we signed a Memorandum of Understanding with the Bankers Association of the Philippines to establish a more integrated and collaborative approach to information and intelligence-sharing.

And since threats are continuously evolving, with fraudsters using AI more aggressively as part of their schemes, we have started to use AI to fight AI. We block numbers and keywords identified by our spammer model through machine learning. We look at the likelihood that a number is involved in spamming or scamming activities; this is then validated by our SOC and consequently blocked.

Meanwhile, keywords identified by our machine learning models, which are trained with data from the reports of our bank-partners and their customers, are fed to our spam filters so that messages containing them are blocked proactively.

We also believe that education and awareness are key in this fight against fraud so we have digital safety programs at Globe tailor-fit for certain groups. We have a Digital Thumbprint Program to teach kids about online safety and digital responsibility. We also have a book called Safe Space: A Kid’s Guide to Data Privacy that teaches kids about the importance of their personal data and how they can protect it.

And finally, we have a program for seniors – our Senior Digizen Program – to keep seniors informed about the latest scams and how they can stay vigilant and protect themselves from these fraudulent schemes.

The results of our combined efforts have been remarkable. Since 2022, we’ve blocked a total of over 9 billion spam and scam messages including more than 110 million bank-related scam messages, 9,000 vishing calls, and 145,000 SIM boxes or illegal devices with multiple SIM slots that are used to broadcast fraudulent messages.