fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

5 Best practices for protecting corporate data when an employee leaves

protecting corporate data when an employee leaves
There are best practices for protecting corporate data when an employee leaves, here are five of them!

Protecting corporate data when an employee leaves

In September of last year, the Singapore High Court heard an intriguing case involving Singapore’s Personal Data Protection Act (PDPA). An employee had left his previous job, an investment business, to work for a rival. This employee wrote an email to a former employer’s client at his current job, another individual he had met while working for his old employer. In that email, he mentioned a specific fund in which the customer had placed contributions. Both his former employer and the client filed a lawsuit against the relevant individual, alleging that he violated the PDPA by utilizing the client’s personal data without his authorization.

According to the High Court, the client’s anguish, or the simple loss of control over his personal data, did not enable him to file a complaint under the PDPA. The client has filed an appeal, which is now pending.

Aside from the Court’s conclusions, the case provides valuable insights for firms trying to protect corporate information when an employee quits. That is why organizations must have the best practices in an instance that an employee resigns. Here are 5 best practices for protecting corporate data when an employee leaves:

Also Read: PDPA compliance for real estate agencies

Protecting corporate data when an employee leaves is essential for PDPA compliance.

Best practice for protecting corporate data when an employee leaves #1: Have robust confidentiality obligations in your employment contracts

While no explicit mention was made to any of the various parties’ contracts, the High Court did recognize that the client’s giving of his personal data to the investment business was done in confidence. It is also believed that the former employee’s use of the client’s name to get his LinkedIn profile’s personal email address was illegal.

If a firm wishes to prevent employees from stealing commercially sensitive information, such as client information, it should ensure that its employment contracts require such customer information to be maintained discreetly. Customer information can include whatever an employee learns about a client and their interactions with the firm, such as their contact information, account information, transactions, preferences, and simply the fact that they are a company customer due to their presence on a client list.

In contrast, information on a client obtained from a publicly accessible source, such as a website or social media page, is unlikely to be secret. However, a corporation may still wish to establish ground rules for its workers’ usage of social media, such as through a social media code of conduct or acceptable use policy, which includes dos and don’ts for how employees should engage with customers and even the general public on such platforms. It might also include rules on how workers should publish on company-related websites, such as when the company’s name or emblem is utilized.

Best practice for protecting corporate data when an employee leaves #2: Ensure that these confidentiality obligations continue even after an employee has left the company

If a firm wants to safeguard its secret information even after an employee leaves, it might include a clause in the employment contract requiring the employee to keep such information confidential and not reveal it, even after the individual has left the company.

The firm should take its time, and maybe seek legal help, in designing such a clause, as there is a risk that the Court would read it as a restrictive covenant, in which case the clause will not be enforced unless the company can convince the Court that it is fair.

Protecting corporate data when an employee leaves is essential to prevent data breach!

Best practice for protecting corporate data when an employee leaves #3: Adopt comprehensive employee exit protocols

The organization should develop a common procedure requiring the return of all corporate information, including customer data, as part of an employee’s leaving process. In some employment termination scenarios, it may be appropriate to remind the employee of their obligations to keep customer data confidential or even to obtain explicit confirmations that they have destroyed all confidential records and will not use any customer information obtained during their employment with the company in the future.

On the other hand, if you are a corporation that has recently employed a new employee, there are some precautions you should take to prevent being held liable for that individual’s crime, such as data theft from their prior employer.

Protecting corporate data when an employee leaves is necessary to avoid penalties from PDPC.

Best practice for protecting corporate data when an employee leaves #4: Set company rules to govern employee behavior

This is one approach for the corporation to defend itself from any employee misbehavior, whether intentional or unintentional. It is conceivable for a firm to be held accountable for an employee’s violation of the PDPA if it occurred during the course of their employment. In other words, an employee’s actions might lead to the organization being investigated by the Personal Data Protection Commission (PDPC) for a PDPA violation committed by the person while on the job.

If the corporation is found guilty, it must follow the Commission’s instructions, which may include paying a regulatory punishment of up to SGD 1 million. An aggrieved individual may also sue the firm if the individual has directly experienced loss or harm as a result of the violation. As a result, a corporation should make it clear what sorts of employee actions are unacceptable, for example, by subjecting them to disciplinary action.

Best practice for protecting corporate data when an employee leaves #5: Conduct employee training on data protection

A corporation should instruct all newly hired employees on what consumer data may and cannot be used for. If a client has solely agreed to the use of their personal data for anti-money laundering, “know your customer” checks or other regulatory compliance purposes, such data should not be used for marketing. In addition, the firm might put in place an acceptable standard operating procedure for dealing with a consumer who later objects to being contacted by it. This reduces the danger of the organization failing to meet its data protection requirements.

Also Read: PDPA Compliance for the Telecommunication Sector

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us