fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Personal Data Websites: 3 Things That You Must Be Informed

personal data websites
If your organization is used to collect or store personal data websites such as customer and payment details, then it should be aware of the obligations under PDPA.

Personal Data Websites: 3 Things That You Must Be Informed

Nowadays, as more and more people are getting addicted to the digital world, the concern for data privacy is rising. Adding to this concern is the speculations which say that the online privacy of users is being breached by certain website owners who sell info to companies or the threat actors to make money.

It is increasingly essential for organizations to have a website as part of their sales, marketing, and customer relationship management efforts. If your organization is used to collect or store personal data websites such as customer and payment details, then it should be aware of the obligations under the Personal Data Protection Act (PDPA).

Key Considerations

When setting up a website for your organisation, do consider the following:

  • Features and functions of the website, especially those functions that collect and handle personal data websites (e.g. online ordering portal, membership management, online forums);
  • Amount and type of personal data websites that will be collected or used;
  • Extent of security required;
  • Location where the website will be hosted; and
  • Resiliency of the website. As websites are connected via the Internet, they face a multitude of cyber threats. Poorly protected websites can be compromised easily, putting any personal data that they collect or store at risk. Data breaches can be costly as this may lead to financial loss and loss of consumers’ trust in your organisation.

Hence, the security of the website and the protection of the personal data websites should be a key design consideration at each stage of the website’s life cycle:

  • Requirements Gathering
  • Design And Development
  • Testing
  • Deployment
  • Operations And Support

Where data protection is not considered until the development of the website has been completed, making changes to the website at that later stage will incur additional cost, including cost to resolve any security breaches.

Adding to this concern is the speculations which say that the online privacy of users is being breached by certain website owners who sell info to companies or the threat actors to make money.

Security

Policies and Processes

Put in place policies and processes to protect the personal data websites handled by your organization’s website. Suggested policies and processes include:

  • Use of risk assessments to select the most appropriate security arrangements
  • Secure configuration of hardware and software components
  • Security testing before the website is launched, and regular security testing thereafter
  • Keeping track of the storage of all personal data
  • Incident management

Also read: 12 brief explanation about the benefits of data protection for business success

Design

Include security as an important requirement when designing the website. Some key security requirements include:

  • Access Control
  • Audit Log
  • Server and Network Security
  • Website Programming
When engaging IT vendors, do emphasise the need for personal data websites protection by stating clearly the responsibilities of the IT vendor with respect to the PDPA.

Negotiating Responsibilities of IT Vendors

Your organisation may consider outsourcing the development and maintenance of the website if it does not have the technical resources to do so by engaging one or more IT vendors.

When engaging IT vendors, do emphasise the need for personal data websites protection by stating clearly the responsibilities of the IT vendor with respect to the PDPA. These responsibilities will depend on the IT vendors’ scope of work. For instance:

  • Developing the website in a way that ensures that it does not contain any web application vulnerabilities; and
  • Ensuring that the servers and networks are securely configured.

Additionally, your organization should require that the IT vendors prevent unauthorized disclosure of personal data by their personnel or sub-contractors. Consider the following:

  • Put in place processes for the secure handling of personal data; and
  • Require confidentiality agreements between your organization and all IT vendor personnel and sub-contractors who have access to the personal data.

Some companies and researchers argue it’s not enough for the government to simply protect personal data; consumers need to own their information and be compensated when it’s used. 

For more information, please refer to the Guide on Building Websites for SMEs and the Guide to Securing Personal Data in Electronic Medium, which can be found on the PDPC website at www.pdpc.gov.sg.

Also read: Top 25 Data Protection Statistics That You Must Be Informed

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us