Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Guide to basic anonymisation and free tool from PDPC

guide to basic anonymisation
The guide to basic anonymisation and its free tool are provided by the PDPC to help organizations anonymise personal data.

Guide to basic anonymisation and free tool from PDPC

The personal data that organisations hold are subject to PDPA. When there is a breach of data concerning these personal data, what the PDPC usually does is impose whopping fines. To limit this, there is a way for organizations to do to avoid this penalty regardless if there is a breach, and this is through anonymization. 

When the data that was used can identify a particular person, the obligation under the PDPA applies. This means there is a need for organizations to keep their personal data safeguards high to limit breaches. However, anonymisation converts the personal data so that it can no longer be identified or attributed to a specific individual. 

Anonymisation, defined

Anonymisation refers to the conversion of personal data into data that cannot be used to identify any individual. PDPC considers anonymisation as a risk-based process, which includes using both anonymisation techniques and safeguards to avoid re-identification.

Also Read: Check the Do Not Call Registry in Singapore before marketing to phone numbers

Anonymisation refers to the conversion of personal data into data that cannot be used to identify any individual.

PDPC’s Guide to basic anonymisation

The Guide to basic anonymization from the PDPC is meant to provide organizations new to anonymization with an introduction and practical assistance on how to do basic anonymization and de-identification of structured, textual, non-complex datasets.

This Guide does not cover all concerns associated with anonymization, de-identification, and re-identification of datasets. Complex anonymisation challenges should prompt organizations to consider engaging anonymisation professionals, statisticians, or independent risk assessors to undertake the proper anonymisation techniques or assessment of re-identification hazards (e.g. large datasets containing a wide range of longitudinal or sensitive personal data).

Organizations should realize that implementing the recommendations in the Guide to basic anonymization does not guarantee compliance with the Personal Data Protection Act (PDPA). In conjunction with the Personal Data Protection Commission’s (PDPC).

Anonymisation reduces the amount of original information in a dataset.

Purpose of anonymisation and utility 

The objective of anonymization must be crystal obvious, as anonymization should only be performed when necessary. Regardless of the technique employed, anonymisation reduces the amount of original information in a dataset. Consequently, as the level of anonymisation grows, the utility of the dataset typically decreases. Therefore, the organization must determine the degree of the trade-off between acceptable (or anticipated) benefit and re-identification risk.

It should be highlighted that utility should not be evaluated at the level of the entire dataset, as it varies significantly among features. One extreme is when the precision of a particular data attribute is vital, and no generalization or anonymization technique should be used. The other extreme is when the data attribute is useless for the intended purpose and can be omitted without harming the recipient’s usability of the data (e.g. date of birth of individuals may not be important when analyzing the purchase transaction trends).

Another important consideration in determining the trade-off between utility and anonymisation is whether the recipient’s knowledge of the anonymisation techniques and degree of granularity poses an additional risk; on the one hand, this information may help the analyst better understand and interpret the results, but it may also contain hints that increase the risk of re-identification.

Data Anonymisation Tool

The PDPC provided a free data anonymization tool. This tool transforms simple datasets by applying anonymisation techniques. Organizations can freely download the file here.

Organizations should realize that implementing the recommendations in the Guide to basic anonymization does not guarantee compliance with the Personal Data Protection Act (PDPA).

How a DPO can help organizations

A Data Protection Officer (DPO) oversees data protection responsibilities and ensures that organizations comply with the Personal Data Protection Act (PDPA). Furthermore, every Organization’s DPO should be able to curb any instances of data breaches as it is the officer responsible for maintaining the positive posture of an organization’s cybersecurity.

For instance, at Privacy Ninja, part of our scope of work is to ensure that the process of data anonymization is done correctly and is duly supervised. This eliminated the risk of any data breach due to failure to fully anonymize the personal data and was used beyond its purpose. 

DPOs complement the efforts of organisations in making sure that the personal data that is no longer used for its purpose is duly anonymised. This is because when there is an instance data breach, the organization will not be held liable as the data that was leaked was not personal data. 

As a consumer who provides my very own sensitive information to each organization I encounter or have a transaction with, I would feel safe if an organization would take the extra mile to ensure that my data is correct and concise as it affects me whenever a decision is made.

Also Read: The Singapore financial services and markets bill: Everything you need to know

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us