October 02, 2019

Your Cheat Sheet to Data Security

As consumers, it is important for everyone to understand the data protection landscape in Singapore and to know our rights. In Singapore, every individual’s personal data is protected under the Personal Data Protection Act 2012 (PDPA). As the data regulation watchdog, the PDPA has established various laws to govern personal data.
Consequences may arise if personal data is not protected

When personal data is not protected, it can result in various consequences such as identity theft and scams. With the PDPA, there is greater data security as it protects data whilst considering the rights of individuals and the needs of organisations to collect, use or disclose personal data for business purposes. However, the responsibility of data protection does not lie solely on the government. Individuals also have the responsibility to protect their personal data. Personal data can range from NRIC and passport numbers, personal email addresses to mobile numbers.
When should individuals share personal data?

All individuals in Singapore have the right to query organisations about the purpose for collecting their personal data. They also reserve the right to refuse to share any personal information if it is not required by law. Here are some scenarios:

  • Lucky draws
    Unless required by law, individuals do not need to share their NRIC numbers. For instance, individuals who wish to take part in lucky draws do not need to share such details. As an alternative, lucky draw organisers can collect other information such as mobile numbers or email addresses.

  • Checking into a hotel
    As a form of verification and under the Hotel Licensing Regulations[1], individuals are required to provide details, including NRIC numbers and full names of every guest staying at the property.

  • Medical visits
    Similar to checking into a hotel, individuals who are seeking medical treatment are required to share their personal details. This provides medical staff with proof of identification to ensure that a patient’s medical records are updated and correct treatment is provided to the patient.

  • Entering a commercial building
    Under the new NRIC guidelines, organisations are no longer allowed to collect NRIC numbers for individuals who enter a building. They may however, still request proof of identification and can simply check the NRIC upon entry.

  • Enrolling into a private educational institution
    Similar to public schools in Singapore, individuals who wish to enrol in private educational institutions are required to provide their personal details as a form of record.

It is essential for both individuals and organisations to play a part in protecting any form of personal data. Having proper protocols and sound data policies in an organisation can help to mitigate risks of data breaches.  Failure to comply with the PDPC or the General Data Protection Regulation (GDPR) can result in hefty fines and consequences.
Start Protecting Your Business
An organisation that integrates data protection into its business processes can reduce the risk of data breaches and PDPA non-compliance. Learn more about how Shred-it can protect your documents and hard-drives by contacting us for a free quote and security risk assessment.

[1] Singapore Statutes Online. 2019. HOTELS LICENSING REGULATIONS. [ONLINE] Available at: https://sso.agc.gov.sg/SL/HA1954-RG1?DocDate=20170724. [Accessed 16 September 2019].