
Privacy Ninja


Data collection methods: How to do these right

Data collection methods
Organisations collect customers’ personal data in exchange for the services they provide. In doing so, they must ensure that the data collection methods they use are in compliance with the PDPA.


Organisations, big or small, routinely use and disclose personal data. But before they can do so, they must collect it from customers and clients who are willing to provide their confidential information in exchange for the services the organisation offers.

Historically, the protection of personal data has been crucial for organisations. This is because when an organisation fails to prevent valuable data from leaking out, it typically faces the risk of paying a hefty financial penalty of up to S$1,000,000. Moreover, the organisation could also be forced to close its business as clients and potential customers come to believe that their data is not safe with it.

With this, it is imperative for organisations to handle personal data with the utmost diligence, especially from the data collection stage. The case of Clearview AI is a prime example of why this due diligence is required. 


Clearview AI gets third €20 million fine for illegal data collection

France’s data protection authority (CNIL) has fined Clearview AI €20 million for illegally collecting and processing biometric data from French citizens. Clearview AI got the same fine from both the Italian and Greek data protection agencies in March and July for the same violation. 

CNIL also ordered the American facial recognition company to stop collecting any more data and to delete all the data it already holds within two months. If Clearview AI has not complied after two months, CNIL will fine the company €100,000 per day.

A controversial model 

Clearview AI takes pictures and videos of people that are available to the public on websites and social media sites and matches them to their identities. Using this method, the company has collected more than 20 billion images that are being added to a biometric database of facial scans and identities. 

The company sells access to this database to people who run facial recognition systems. Some of these systems are used by law enforcement agencies and private companies around the world. 

The Personal Data Protection Act (PDPA) in Singapore provides that people must be made aware of any collection of their data and must give their permission.

Even if Clearview AI doesn’t use leaked data and doesn’t spy on people, most people don’t know that Clearview AI customers are using their photos to identify them.


There are many methods an organisation can use to collect the personal data of customers and clients. However, such methods must be in accordance with the PDPA to avoid breaching the obligations stated therein. The following are potential legal bases for processing personal data:

Legal bases to collect and process personal data in accordance with the PDPA

  • An appropriate notice has been given to or made available to the data subject. 
  • The data subject has given consent to the processing for the identified purposes. 
  • The personal data is necessary to fulfill a contract with the data subject. 
  • The personal data is necessary to comply with a legal obligation. 
  • The personal data is necessary to protect the vital interests of a natural person. 
  • The personal data is necessary for the public interest.

Data collection, done right.

While the Clearview AI case happened in France, a similar consequence may befall Singapore organisations. This is because under the PDPA, organisations need to secure consent from the individuals to whom the personal data belongs. When collecting individuals’ personal data, organisations must make them aware that their personal data is being recorded, or risk breaching the PDPA and being imposed with a hefty fine.

It is also essential that the purpose of the data collection is legal and supported by evidence, to avoid unnecessary questions from the PDPC about the collection of data.

A DPO can help 

A Data Protection Officer (DPO) oversees data protection responsibilities and ensures that organisations comply with the Personal Data Protection Act (PDPA). Furthermore, every organisation’s DPO should be able to curb any instances of PDPA noncompliance, as the DPO is the officer responsible for maintaining the positive posture of an organisation’s cybersecurity.

DPOs complement organisations’ efforts to ensure that their methods of collecting personal data comply with the PDPA. They also ensure that policies are set in place to make sure that there will be no instances of data breaches in the future.

Don’t wait any longer to ensure your organisation is PDPA compliant. Take our free 3-minute PDPA Compliance Self-audit checklist now, the same “secret weapon” used by our clients to keep them on track. Upon completion, we will send you the results so you can take the necessary action to protect your customers’ data. Complete the free assessment checklist today and take the first step towards protecting your customers’ personal data.
