Privacy Awareness Week 2022: Data Protection as the foundation of trust

Privacy Awareness Week (PAW), an Asia Pacific Privacy Authorities (APPA) initiative, is held annually by its members to raise awareness about privacy and personal data protection issues. The Personal Data Protection Commission has designated the first week of May 2022 as PAW in Singapore.

Privacy Awareness Week 2022: Why is it crucial

For organizations and malicious actors, data is fast becoming the most valuable asset. Numerous organizations have hopped on the digital transformation bandwagon in order to give value to clients. However, as data collection and use increase, so does the potential for data breaches. Today, a data breach is a matter of “when” rather than “if.” Organizations must implement at the very least fundamental data protection measures if they wish to earn their customers’ trust.

As part of our commitment to secure data and all access points to it, Privacy Ninja is supporting Singapore’s Privacy Awareness Week, which aims to educate individuals and organizations about the critical nature of data privacy and protection.

Data is the new oil in today’s digital economy. The issue is that when an item such as personal data attains this level of value, demand for it skyrockets. This straightforward economic theory generates numerous hazards for data. Personal Data is manipulated every second of every hour of every day, whether it is stolen and sold to the highest bidder, held for ransom, or shared without consent with third parties. And, unlike oil, data is an abundant resource that is exponentially growing, making it more difficult to track and secure.

According to a new study, the growth of data collecting is making it harder for customers to retain control over their personal information. According to the No Silver Linings survey, the majority of consumers in Australia and Singapore (67 percent) believe they have “no idea” how many companies they have shared their personal data with.

Moreover, over half (54 percent) report that they exchange data with so many different organizations that they are unable to evaluate each company’s track record of data protection and management.

Despite people’s proclivity for data sharing, consumer confidence in the organization’s ability to protect their data is low. In Australia and Singapore, 37% report a decline in their confidence in digital service providers to protect their personal data during the last five years. Only 15% say it has increased, despite tighter regulation of data privacy.

Even industries that deal with our most precious and sensitive data do not enjoy widespread trust. Only 44% of respondents have confidence in government organizations, while 41% have confidence in financial services. Trust in Messaging Services, Social Media, Media and Streaming Services, Online Gaming, and Retail is nearly non-existent (all scoring 10 percent or below).

Also Read: The Singapore financial services and markets bill: Everything you need to know

Why data protection is the foundation of trust

There are severe implications for organizations that fail to secure their clients’ data. Half (50 percent) of Australians and Singaporeans have ceased using a company’s services or intend to do so in the aftermath of a severe data breach. Data protection is the foundation of trust simply because it is crucial for the customer’s perception of an organization. When there is an instance of breach, their trust in such an organization may be tarnished, and they could no longer use their services.

Data and privacy breaches do not only result in revenue loss and brand reputation damage; they can also result in serious legal consequences and, in certain cases, financial penalties. In the majority of cases decided by the PDPC, when there is a failure for an organization to set up a security arrangement for data protection and there is an occurrence of a breach, a fine could be imposed, which is up to S$1,000,000.

What organizations should take note of

Recent years have seen a tremendous shift in the regulatory landscape surrounding data privacy. The European Union set a precedent with the General Data Protection Regulation (GDPR), and now a number of Asia Pacific countries have implemented or are in the process of enacting stricter data privacy rules.

Regulators have made it quite obvious to commercial enterprises operating throughout the Asia Pacific how critical it is to protect the data they hold. Leaders in technology and security have done an admirable job of soliciting guidance and enhancing data management and protection on a proactive basis. However, the majority of them continue to take a traditional approach, relying on decades-old security controls such as Data Loss Prevention (DLP), perimeter controls, and endpoint protection, without sufficient knowledge of the need to refocus their security strategy on data.

Tighter regulation, increased consumer awareness, and the growing frequency and magnitude of data breaches underscore the importance of organizations rethinking their approach to data security. To accomplish this, organizations must first gain a thorough understanding of the personal information they gather and retain, as well as who has access to it and how it is protected.

During Privacy Awareness Week, Privacy Ninja encourages Asia Pacific organizations to conduct an audit of their data collecting, storage, processing, and access procedures to determine the extent of their sensitive personal data management gap.

Also Read: Guarding against common types of data breaches in Singapore