Protecting your data
We need to recognise that it is important for us to protect our data. If not me, who will? Personal data refers to data about an individual who can be identified from that said data, or from that data and other information to which the organization has or is likely to have access.
Hackers often attempt to gain access to personal data, whether for their personal use or for the purpose of extortion, especially towards branded companies. This is why organizations must be extremely prudent with cybersecurity, which is critical to securing and protecting the personal data of employees or clients.
The Personal Data Protection Act (PDPA) provides a baseline standard of protection for personal data in Singapore. This act comprises various requirements governing the collection, use, disclosure, and care of personal data in Singapore. Such a data protection regime is necessary to maintain individuals? trust in organizations managing their personal data and safeguard against misuse by these organizations or third parties like hackers.
Source: https://www.pdpc.gov.sg/Overview-of-PDPA/The-Legislation/Personal-Data-Protection-Act
One recent case highlighted by PDPA is worthy for us to take note of:
The Tripartite Alliance Limited (TAL) is a company that manages the Tripartite Alliance for Fair and Progressive Employment Practices (Tafep) and employment disputes. However, it has been fined $29,000 after the data of about 20,000 people was accessed by hackers last year. The Personal Data Protection Commission (PDPC) came to a decision that TAL had failed to put in place "reasonable security arrangements" to prevent the unauthorized access of the data in its customer relationship system database. Hacked data included names, identification numbers, contact numbers, e-mail addresses, age, race, marital status, salaries, and compensation amounts.
Recently, the PDPA was updated with the regulation that companies found to be in breach of the act could be fined up to $1M or up to 10% of the company?s annual turnover, whichever is higher. This is a huge penalty and it is financially critical that organisations take steps to protect customer data.
Since 2020, it is also mandatory for companies in Singapore to designate a Data Protection Officer and to have this record updated in the registry of companies (ACRA).
How can organizations ensure data security?
Companies must have an understanding of what is sensitive in their data, and which segment of the data needs to be protected. For example, data can be classified into different categories, such as restricted, confidential, or public. It is moreover important for organizations to educate every member about the significance of their personal data and their role in keeping this data safe. To further ensure the security of one?s personal data, it is highly recommended to have strong encryption and proper key management, even when storing data in Cloud. If the data is regarded as sensitive, the data must be encrypted before uploading it to the Cloud. It is essential to maintain good access control to which categories and types of data and that they can be trusted with such data.
All in all, we should always be aware of how and where we give and store our data. We should not be complacent and risk our data being breached.
Focus Digitech offers a range of data security services from advisory services to data protection equipment. We look forward to helping you in making the cyber world a safer and more secure place for us and future generations to come.
Please visit our site for more: https://focusdigitech.com/cybersecurity
?????