Data Protection Act of Singapore: Validity in the Post-pandemic World

Data Protection Act of Singapore in the Post-Pandemic World

At the start of the COVID-19 pandemic, a lot of us have been working from the comforts of our home, many of us have made our own rooms as our work place, and there are probably those among us who have never thought that the day will come when we won’t need to go to an office to work and earn money. This has been the reality for companies and their workers who, for health and safety purposes, have been pushed to become more digital at an unprecedented pace, and this became the new normal.

However, as the world shifted to the digital age, the increase in digital traffic was not reciprocated with cybersecurity measures which should be attendant to protect companies and individuals from cyber-attacks that could either destroy their data or use it against them to get some ransom money. 

A lot of businesses have still not considered the unique cybersecurity needs to be set for now-remote workers working in their homes, where their personal devices could be connected to potentially unsecured networks while accessing company resources. With this, companies and businesses should consider the importance of ensuring security in exchanges of sensitive data and any business information which could be confidential.

Also Read: What You Need to Know About Singapore’s Data Sharing Arrangements

In Singapore, with its Personal Data Protection Act (PDPA) regulated by the Personal Data Protection Commission (PDPC), it is required for companies and businesses to implement adequate security measures to protect the personal data in its care.

Such requirements include, but not limited to, the obligation to protect personal data by making reasonable security arrangements to prevent collection, unauthorized access, disclosure, use, disposal or similar risk, copying, and its modification. Further, once the personal data collected no longer have use for business and legal purposes, companies are obliged to cease its retention. 

With the rapid increase of digital footprint of individuals in Singapore brought by the COVID-19 pandemic, risks of getting attacked by opportunistic cybercriminals are high if such individuals are vulnerable due to negligence of companies in imposing cybersecurity measures. With the active participation of the Personal Data Protection Commission (PDPC) in its implementation of the Personal Data Protection Act of Singapore (PDPA), there is a mandate for these companies to protect each and everyone’s data or else these companies will be heavily fined.  

Why we need a stronger Data Protection Act in Singapore in the post-pandemic world

Data security is a big deal not just for major and minor companies, but also for their clienteles. There is an implied trust involved that when a client provides his personal data such as Social Security number, phone number, address, bank information, and the like, it is kept confidential by companies who hold them.  

Most of the companies are well aware of security breaches and issues, and they have put a great deal of trust in their very own endeavors in preventing a data security breach. However, there are instances that regardless of such efforts to avoid such data breach, these simply can’t be avoided either through an email with sensitive data sent erroneously to a wrong recipient, or through a compromised network where unauthorized access is made possible.

No set of security measures is completely infallible as recently demonstrated by security breaches at several large Singapore companies that affected the personal data of more than 600,000 people.  With these breaches, a total of $75,000 were fined to these companies for the breaches caused by their security lapses. 

We need a stronger data protection act in Singapore in the post-pandemic world because a lot of us rely to these organizations who hold our personal data and other personal information, and when such organization were unable to deliver the required diligence on their end to protect our data, although the companies are fined, it is the users who are disadvantaged from such event.  

Prevent Data Breaches in 5 Ways

According to Trustwave, these are 5 ways to prevent data breaches:

1. Regularly update the patches of your cyber security systems.
2. Safeguard your organization’s proprietary information and sensitive data (including your clients’ personal data). Review your data protection and privilege access policies.
3. Consider leveraging the expanded PDPA consent framework as a model to follow. In this regard, data protection impact assessments are key – organizations will need to demonstrate their assessment of the impact of new initiatives based on the expanded framework.
4. Invest in the right security solutions and find the best cybersecurity partner for your data protection needs.
5. Provide internal training sessions on updated policies and procedures, and regular refreshers on cybersecurity best practices for all employees.

Also Read: Revised Technology Risk Management Guidelines of Singapore