Imagine a world where you can register for a new mobile phone at a new telco without going through hours of paperwork, or visiting a different hospital and having all medical records from your previous visit readily available for your new physician to review.
This can very well turn into reality as the Personal Data Protection Commission (PDPC) recently announced that Data Portability may be implemented in Singapore. The PDPC also released a discussion paper and is currently conducting public consultation on the proposed guidelines.
What is data portability?
Data Portability provides individuals with more control over their data by allowing them to get and reuse their data again across a wide range of services. Not only does this make it easier for consumers to port their data without having to repeat the same process with a new service provider, it also enables organisations to improve their business processes and curate better experiences for their customers.
With data, comes great responsibility
While the implementation of Data Portability can be advantageous for both individuals and businesses, there are also certain risks that come with it. For instance, cybersecurity risks may heighten as copious amounts of data are being transferred from different organisations and sectors. Organisations across various sectors could also have varying security and risk management abilities which means that sharing data between all of these organisations could mean that data security cannot be guaranteed.
Whether or not Data Portability is implemented in Singapore, it is critical for organisations as well as individuals to practice good data security habits by:
- Regularly changing passwords - Passwords are used throughout organisations and even by individuals, therefore it is advisable to regularly change them. Doing this makes it more difficult for data thieves from retrieving your information easily.
- Encrypt digital data - Data collected in digital form may seem ‘safe’ because they are usually stored in an external hard disk drive. However, it is important for it to be encrypted in order to prevent it from being hacked by data thieves. Organisations are also encouraged to dispose of unused external hard disk drives through secure shredding.
- Secure destruction of physical data - As proposed by the PDPC, physical documents that contain personal data such as credit card and NRIC numbers should be disposed of through secure shredding. Employees should also practice the Shred-it All Policy and practice the Clean Desk Policy to reduce risks of accidental data breaches.
Unfortunately, not many people view their personal data as an asset. Individuals should also store and protect their data just as they would with their wealth. Organisations should also exercise good data security practices within their business to prevent data breaches, as failure to comply with the PDPC or General Data Protection Regulation (GDPR) can result in numerous fines and consequences.
Start Protecting Your Business
An organisation that integrates data protection into its business processes can help reduce the risk of a data breach and non-compliance to the PDPA. Learn more about how Shred-it can protect your documents