Data Breaches Key Learning Points
Organisations have a duty to abide by the Personal Data Protection Act (PDPA)
, to keep all data collected safe and secure. Data breaches
can still occur, despite efforts. made which bring to mind important learning points for organisations to better improve their data protection practices
Data breaches can happen to any organisation
According to an article on The Straits Times, 29 organisations have been fined and warned for breaching laws in the PDPA this year, and the amount of fines issued has exceeded $1.29 million
One of the most significant data breaches in Singapore would be the SingHealth data breach
. Hackers broke into SingHealth’s database and stole personal data from more than 1.5 million patients, including Prime Minister Lee Hsien Loong’s data. This resulted in a $750,000 fine for the IT agency which manages Singapore’s healthcare sector, Integrated Health Information Systems, and a $250,000 fine for SingHealth.
Other organisations that have faced data breaches in 2019 included Horizon Fast Ferry, K Box Entertainment Group and DS Human Resource. These data breaches show that even some of the largest organisations with the most advanced high tech systems
and equipment could face a data breach. A key takeaway would be that it is important for organisations to have measures in place to protect both the organisation’s and consumers' data
to prevent such breaches from occurring.
Data breaches can occur anytime to both digital and physical data. They can be caused by carelessness
, a lack of data protection practices in the company, or hacking from an internal or external party. This can lead to horrible consequences for both the organisation and its consumers. For organisations, it leads to fines and a poor reputation. For consumers, it leads to their personal data being compromised.
Preventing data breaches
A holistic approach should be taken when it comes to data protection and data breach prevention
. It’s not only digital data and cyber security that needs to be improved on, but the security of physical data as well.
Ways in which organisations could reduce the chances of a data breach include appointing a Data Protection Officer (DPO)
, secure shredding
of documents, developing a data security
plan for the organisation, regularly educating employees on strong data protection habits and properly disposing sensitive documents.
To help organisations improve their data protection measures, Shred-it encourages both organisations and individuals to have a clean desk policy
, a Shred-it All policy
, and proper hard drive disposal
to safeguard organisational data.
Start protecting your business
An organisation that integrates data protection into its business processes can reduce any data breach risk and PDPA non-compliance. Learn more about how Shred-it can protect your documents
us for a free quote and security risk assessment.