Are You Collecting The Right Personal Data?

September 4, 2021 in Finance, Compliance, and Law

Data protection is the process of safeguarding important information from corruption, compromise or loss. The importance of protecting our personal data increases as the amount of data created and stored continues to grow at unprecedented rates. There is also little tolerance for downtime that can make it impossible to access important information. Consequently, a large part of a data protection strategy is ensuring that data can be restored quickly after any corruption or loss. Protecting data from compromise and ensuring data privacy are other key components of data protection.

These days, when companies and organizations rely heavily on the internet to run their day-to-day operations, the risk of security and data breaches is high, especially because attacks can be carried out even from a remote location. Cyber-attacks are even riskier now that ordinary individuals heavily use the web to automate their smart homes and electronic devices. With more businesses moving towards digitalisation, and individuals transacting online or engaging with digital communities, corporate and personal data may be exposed to such cyber threats.

Personal data protection is a big concern for many people on the Internet. Whenever we are asked to subscribe to a mailing list, we worry that our personal data will be leaked by the organisation. Truth be told, many organisations have suffered data leakage due to weak cyber security protection.

In 2019, The Straits Times reported that the Singapore Accountancy Commission had unintentionally disclosed the personal data of 6,541 people to more than 40 recipients over four months that year. The commission said on Friday (Nov 22) that the leak contained personal information of past and current Singapore chartered accountant qualification candidates, accredited training organisation personnel, and other people involved in the administration of the Singapore chartered accountant qualification programme before May 17. The information disclosed included names, NRIC numbers, dates of birth, contact details, education and employment information and Singapore chartered accountant qualification examination results of the affected individuals. (Source: Straits Times)

Similarly, a few years ago, SingHealth suffered one of the worst cyber-attacks. The attackers infiltrated SingHealth’s database, and the personal data of 1.5 million patients was leaked, including that of our Prime Minister Lee Hsien Loong and a few other ministers. (Source: Straits Times) It was a horrendous nightmare for many people!

In 2020, Grab was fined $10,000 for failing to secure its drivers’ and passengers’ personal details on its mobile app, the fourth time in two years that it had been found to have breached data protection laws. An update to the app was meant to fix a potential vulnerability detected by Grab by removing a variable from a link in the app’s interface that allows GrabHitch drivers to access their data. But the update failed to take into account the fact that, without this variable, the app could no longer differentiate between drivers and, as a result, provided the same data to all GrabHitch drivers for 10 seconds before new data could be retrieved. The data exposed included profile pictures, passenger names and vehicle plate numbers, as well as pick-up and drop-off locations and times. (Source: Straits Times)

In addition, the Central Depository (CDP) and two other organisations were fined a total of $47,000 for breaching data privacy laws. The CDP received the biggest fine of $32,000 after it mailed dividend cheques to outdated addresses, putting more than 200 account holders at risk of having their personal data disclosed. (Source: Straits Times)

A personal data breach can lead to serious consequences for your organisation if data protection is not well taken care of. The consequences include heavy fines, a ruined corporate reputation and many more.

In 2021, many people have also suffered from the leak of their personal data. More than 98.2 million individuals were impacted by the 10 biggest data breaches in the first half of 2021, with three of the 10 largest breaches occurring at technology companies. Cybercriminals have shifted their attacks to go after criminals and targets considered to be not as well defended in hopes of securing larger ransomware payments, according to the Identity Theft Resource Center (ITRC), which tracks incidents where hackers steal sensitive customer and employee records containing Personally Identifiable Information such as social security numbers, driver’s license numbers, credit card numbers and medical records. As a result, professional services and manufacturing and utilities have seen the most significant rise in data compromises, while healthcare and retail are seeing data compromises drop. (Source: CRN)

For example, in 2021, StarHub customers’ personal data was leaked. The identity card numbers, mobile numbers and e-mail addresses belonging to 57,191 StarHub customers were leaked online, six months after a similar leak of Singtel customers’ personal data. The team found an illegally uploaded file containing the personal data of its customers on a third-party data dump website. The affected customers had subscribed to StarHub services before 2007. However, thankfully, no credit card or bank account information is at risk. None of its information systems or customer databases has been compromised. (Source: Straits Times)

We believe that many organisations are facing the challenge of preventing data breaches. We cannot stop digital advancement, but we can take safety measures and precautions to prevent personal data breaches. Prevention is always better than trying to stop something that is inevitable.

What personal data needs to be protected

Key pieces of information that are commonly stored by businesses, be that employee records, customer details, loyalty schemes, transactions, or data collection, need to be protected. This is to prevent that data from being misused by third parties for fraud, such as phishing scams, and identity theft.

Common data that your business might store includes:

  • Names
  • Addresses
  • Emails
  • Telephone numbers
  • Bank and credit card details
  • Health information

This data contains sensitive information that could relate to your: current staff and their partners or next of kin; shareholders, business partners and clients; customers and other members of the public. Protecting all this information, in accordance with the Data Protection Act, requires businesses to adhere to specific principles.

We’ve Got You Covered – Strengthen Your Security and Protect Your Personal Data

Learn from industry expert Mr. Christopher Bridges how you can protect your personal data. In our 1-day Singapore PDPA workshop, you will gain the knowledge to tailor the PDPA and operationalise it for your business to ensure full compliance.
