Data protection is the process of safeguarding important information from corruption, compromise or loss. The importance of data protection increases as the amount of data created and stored continues to grow at unprecedented rates. There is also little tolerance for downtime that can make it impossible to access important information. Consequently, a large part of a data protection strategy is ensuring that data can be restored quickly after any corruption or loss. Protecting data from compromise and ensuring data privacy are other key components of data protection.
These days when companies and organizations heavily rely on the internet to run their day-to-day operations, the risks of security and data breaches are high especially because attacks can be done even from a remote location. Cyber-attacks are even riskier now that ordinary individuals heavily use the web to automate their smart homes and electronic devices. With more businesses moving towards digitalisation, and individuals transacting online or engaging digital communities, corporate and personal data may be exposed to such cyber threats.
Personal data protection has been a big concern to many people on the Internet. Whenever we are asked to subscribe to a mailing list, we would be worried that our personal data will be leaked out by the organisation. Truth to be told, many organisations have suffered data leakage due to the weak cyber security protection.
In 2019, Straits Times reported that Singapore Accountancy Commission had unintentionally disclosed the personal data of 6,541 people to more than 40 recipients over four months this year. The commission said on Friday (Nov 22) that the leak contained personal information of past and current Singapore chartered accountant qualification candidates, accredited training organisation personnel, and other people involved in the administration of the Singapore chartered account qualification programme before May 17. The information disclosed included names, NRIC numbers, dates of birth, contact details, education and employment information and Singapore chartered accountant qualification examination results of the affected individuals. (Source: StraitsTimes)
Not long ago, SingHealth had suffered one of the worst cyber-attack. The cyber attackers had infiltrated the Singhealth’s database. 1.5 Million of patients’ personal data were leaked out, including our Prime Minister Lee Hsien Loong and other few ministers. (Source: StraitsTimes) It was a horrendous nightmare to many people!
In 2020, Grab has been fined $10,000 for failing to secure its drivers’ and passengers’ personal details on its mobile app, the fourth time in two years that it has been found to have breached data protection laws. The update was meant to fix a potential vulnerability detected by Grab by removing a variable from a link in the app’s interface that allows GrabHitch drivers to access their data. But it failed to take into account the fact that without this variable, the app could no longer differentiate between drivers and, as a result, provided the same data to all GrabHitch drivers for 10 seconds before new data could be retrieved. The data exposed included profile pictures, passenger names and vehicle plate numbers, as well as pick-up and drop-off locations and times. (Source: Straits Times)
In addition, the Central Depository (CDP) and two other organisations have been fined a total of $47,000 for breaching data privacy laws. The CDP received the biggest fine of $32,000 after it mailed dividend cheques to outdated addresses, putting more than 200 account holders at risk of having their personal data disclosed. (Source: Straits Times)
The Personal Data Protection data breach can lead to serious consequences to your organisation if it is not well taken care of. The consequences include heavy fines, ruin of corporate reputation and many more.
We believe that many organisations are facing the challenge in preventing data breaches. We cannot stop the digital advancement, but we can conduct safety measures and precautions to prevent personal data breaches. Prevention is always better than trying to stop something that is inevitable.
What data needs to be protected
Key pieces of information that are commonly stored by businesses, be that employee records, customer details, loyalty schemes, transactions, or data collection, needs to be protected. This is to prevent that data being misused by third parties for fraud, such as phishing scams, and identity theft.
Common data that your business might store, include:
- Telephone numbers
- Bank and credit card details
- Health information
This data contains sensitive information that could relate to your: current staff and their partners or next of kin; shareholders, business partners and clients; customers and other members of the public. Protecting all this information, in accordance with the Data Protection Act, requires businesses to adhere to specific principles.
We got you covered!
Learn from the industry experts Mr. Christopher Bridges on how you can protect your Personal Data. In our 1-day Singapore PDPA workshop, you will be able to understand and gain knowledge on how to tailor PDPA and operationalise them for your business to ensure full compliance.