fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Guidelines and best practices in disposing of personal data

Disposing of personal data should not be taken lightly as it could still lead to potential data breach.

Guidelines and best practices in disposing of personal data

In the middle of last year, the Personal Data Protection Commission (PDPC) gave instructions to a data intermediary of an airline company and a warning to a gift company for failing to put in place reasonable security measures to keep personal data from being accidentally shared.

These two cases show that some organizations don’t pay enough attention to the proper disposal of personal data, which is an important part of taking care of personal data.

Protection Obligation (Section 24) of the Personal Data Protection Act (PDPA) says that an organization must make reasonable security arrangements to protect personal data in its possession or under its control. This is to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal, or other similar risks.

Some organizations don’t realize that their responsibility to protect personal data doesn’t end when any document containing it is thrown away, whether it’s on paper or in an electronic file. Personal data breaches can still caused by improper or incomplete disposals. This could lead to a fine of up to S$1,000,000 and a loss of trust and confidence from customers and potential clients.

Also Read: Why cybersecurity is important for businesses in Singapore

Getting rid of data shouldn’t be taken lightly, especially if it has personal information in it.

Disposal of personal data on physical media 

The right way for an organization to get rid of personal information is to change it or delete it so that it can no longer be used to identify or connect to a person. For personal information stored on paper, the right way to get rid of or destroy it is usually to shred, burn, or pulp it.

Depending on the type of information on the document, the paper may need to be shredded with a different type of shredder. When compared to a straight-cut shredder, for example, a cross-cutting or confetti shredder makes it much harder for a third party to put back together pieces of paper into the original documents.

When paper is burned, it turns into ashes. For pulping, paper is mixed with water and chemicals to break down the paper fibers so they can be recycled.

At LG Electronics Singapore, it is a rule that all paper documents that contain personal information or confidential information should not be thrown away in trash cans but instead in special, locked bins. The secure bins are locked, so only the legal and compliance department, which is also the company’s Data Protection Office and has the keys to the bins, can get the documents out.

The company’s service provider will empty the trash cans every two weeks. The documents are taken to the service provider’s truck, which has a paper shredder, and LG’s legal manager will make sure that the documents are shredded on the spot.

Getting rid of data shouldn’t be taken lightly, especially if it has personal information in it. Personal information is not safe just because it is thrown away in a trash can or on a computer.

Ensuring proper destruction of electronic personal data 

When data is stored in electronic form, organisations have to take steps to ensure that it is securely deleted, erased, or destroyed before the storage media is redeployed, exchanged, or disposed of. Total deletion or disposal of data in an electronic (re-writable) medium is commonly referred to as “sanitisation”. 

Some common methods of disposal include software solutions that securely overwrite data, degaussing and destruction. 

Degaussing refers to the removal of magnetic fields using a machine that destroys any magnetically recorded data. While data may be erased through the degaussing process, it can still be restored using technology when not done properly. On the other hand, destruction methods such as shredding, crushing, or incineration ensures complete destruction of the electronic medium, so there is no risk of re-use or the data being restored. 

Managing third-party service providers 

The organization or a third-party service provider can dispose of personal information.

It’s important to remember that the company that gives its work to a third party is still responsible for the personal information. The organization must make sure that the processing is still in line with the Protection Obligation of the PDPA even though it is being done by someone else.

The organization that outsources its processes should make sure that its contracts with third-party service providers have the necessary terms and conditions to make sure that the service providers follow the PDPA. It will also need to know how these service providers will get rid of the media and how the supply chain works further down the line.

Conclusion

Getting rid of data shouldn’t be taken lightly, especially if it has personal information in it. Any personal data, either physical or digital, is not safe just because it is thrown away in a trash can or on a computer’s recycle bin. The process of getting rid of information needs to be well managed and controlled so that there is less chance of it being found and accidentally shared.

Also Read: Managing employee data under Singapore’s PDPA

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us