Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

How COVID-19 Contact Tracing in Singapore Applies at Workplace

How COVID-19 Contact Tracing in Singapore Applies at Workplace

COVID-19 Contact Tracing in Singapore
COVID-19 contact tracing in Singapore includes data collection and management at workplace

Contact tracing systems have been implemented by almost all Covid-19-hit countries as the primary mode of dealing with this dragging pandemic. Through the aid of advanced technology the primary carriers including their immediate contacts are traced and exposure sites are quickly identified. This has been proven effective in containing the spread of the virus.

However, from the enforcement of COVID-19 contact tracing in Singapore arises the need to address how data collected by organizations should be handled and regulated, highlighting the importance of a Data Protection Officer (DPO). This pertains to private personal data of customers and employees alike. In this article, we would be focusing on the guidelines set forth by the Personal Data Protection Commission (PDPC) when it comes to contact tracing at Workplace.

Use of TraceTogether-only SafeEntry

Also known as TT-only SE for short, this check-in mode has been viewed by authorities to beimportant digital tools that helps contact tracers in quickly pinpointing close contacts of Covid-19 cases.

This contact tracing system has been made mandatory since June 1 at all higher-risk venues– such as malls, workplaces, places of worship and schools – or where people are likely to be in close proximity for prolonged periods – such as restaurants and gyms.

The combination of the two digital tools has enabled health workers to reduce the average time to do contact tracing from 4 days to less than 1.5 days. TraceTogether data identifies a crude list of close contacts while SafeEntry data gives a list of the establishments visited by an exposed person. Both are equally crucial in establishing cluster links for a more accurate zoning of exposure sites.

Also Read: Data Minimization; Why Bigger is Not Always Better

Data collection at workplace

Pursuant to PDPC’s general advisories on collection of personal data for Covid-19 contact tracing purposes, organizations are allowed to collect personal data of visitors to premises in light of the pandemic. It necessary includes the collection, use, and disclosure of NRIC even without the consent of an individual as it is a necessary means to respond to a national emergency.

At workplace, employees’ personal data shall form part of the collected information through contact tracing systems, and must therefore be protected from unauthorized access or disclosure. The data collected from the TT-only SE system will be only stored in the Government’s servers. Verily, an organization may not use such for other purposes without consent or legal authority.

COVID-19 Contact Tracing in Singapore
Organizations are still encouraged to implement other safe management measures when it comes to COVID-19 contract tracing in Singapore

Auditing/checking of information

Generally, the TraceTogether app features are intended for the app users own reference or for the Government’s efforts in COVID-19 contact tracing in Singapore. However, employers are still allowed to view SafeEntry Check-in Pass on the App for the purpose of ascertaining whether the staff as checked in to SafeEntry upon going to work.

This is without prejudice to the rule that prior consent of the employee must be sought first, should the employer seeks to audit other information on the App. The reason for seeking the additional information must be clearly communicated to the staff insofar as no form of intrusive mode of obtaining such data is to be undertaken.

Other safe management measures at workplace

Of course, organizations are allowed, if not encouraged, to deploy other safe management measures in their office. Besides the TraceTogether token or App, various form of temperature screening systems, crowd counting/management measures and safe distancing technologies are some of those suggested since these measures can be undertaken without collecting personal data.

More specifically, temperature scanners that check your employee’s temperature without recording readings, or crowd management solutions that only detect or measure distances between human figures in your premises without collecting facial images, would not warrant the application of PDPA’s Data Protection Provisions.

COVID-19 Contact Tracing in Singapore just like any other countries has been the most effective way of containing the spread of the virus. While public safety is the primary consideration, it is still important to know the regulations that applies to your organization to avoid any subsequent sanctions. By practicing Covid-19 safety measures at workplace, your organization can do its part in ending this pandemic.

Also Read: What Is Data Sovereignty and How Does It Apply To Your Business?



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us