July 12, 2018

Holiday Shopping? Your Personal Data Might Be At Risk

Online shopping – two of the most popular words on everyone’s mind in this digital age. Its convenience and anytime, anywhere accessibility have made it an integral part of consumers’ lives.

With the holiday season fast approaching, busy consumers often beat the crowds by opting for online shopping from their mobile phones, from their desks during their lunch hour at work, or from the comfort of their homes. With just a few clicks of the mouse, your items will be on their way to be delivered directly to your doorstep.

In Singapore, personal data such as our full names, residential addresses, email addresses and credit card numbers are protected by the Personal Data Protection Act (PDPA). While shopping online, we tend to forget that we share them with the retailers when we make a purchase. This means that online retailers are a goldmine of personal data and information, making them a favourite target of data thieves.

Online retailers should adopt a standard practice of always protecting their customers’ personal data and information throughout the lifecycle of the order and delivery process. It is crucial to have security measures in place, to protect the stored data and prevent such sensitive information from being accessed by unauthorised persons or worse, stolen. Any unused confidential data or data that has passed its “use by” date that is stored on hard drives or physical media should be disposed of in a secure manner such as by secure shredding.

Online retail employees who are responsible for handling postage addresses should also be careful when storing them. The employees need to be diligent and store documents with the customers’ addresses correctly and securely by locking them up in a cabinet that is only accessible to authorised persons. Those documents should not be left lying around unattended as they might be accessed by unauthorised persons such as contractors and janitors. Any unused delivery dockets and postage labels should also be securely shredded and not discarded in household waste. For example, the Personal Data Protection Commission (PDPC) reported a case where a customer’s personal data was accidentally revealed to another customer when he was unwrapping his gift hamper. Discarded order forms had been used as the fillers to cover the bottom of the hamper. Under the law, this was considered a breach as one customer’s personal data was revealed to another person without their knowledge and consent.

In addition to that, sound policies should also be implemented by online retailers to provide additional layers of checks and balances and to specifically watch for and prevent any possible human error during the daily operational workflows. These additional checks should ensure the strict adherence to standard operating procedures whilst serving as an additional line of defence. Online retailers can also reduce the risk of a physical data breach by adopting and educating employees on information security policies such as a Shred-it All Policy and a Clean Desk Policy.

Start Protecting Your Business

To learn more about how Shred-it can serve as an additional layer of defence to protect your organisation against data leaks, please contact us for a free quote and security risk assessment.