12 May 2015
Introduction
On 8 May 2015, the Personal Data Protection Commission (“PDPC”), in conjunction with the newly formed Cyber Security Agency (“CSA”), issued a guide on how to secure personal data in an electronic medium (“Security Guide”).[1]
The Security Guide provides guidance on what constitutes “reasonable security arrangements” under Section 24 of the Personal Data Protection Act (PDPA), and is intended to assist persons who are responsible for data protection within an organisation and also persons who supervise or work with infocommunication technology systems and processes.
Overview Of Contents
This Security Guide covers:
- the main areas related to the security and protection of Personal Data stored in an electronic medium;
- good practices that organisations should undertake to protect electronic Personal Data; and
- enhanced practices that organisations may consider adopting to further improve the protection of electronic Personal Data.
Some of the main areas that are covered include:
- The importance of having a system of authentication and authorisation
- Issues relating to:
  - Compliance, Testing and Audits
  - Destruction of Electronic Personal Data
- Suggestions on how to secure Personal Data contained in:
  - Computer Networks
  - Personal Computers
  - Portable Computing Devices & Removable Storage Media
  - Printers, Copiers and Fax Machines
- Suggestions on measures to secure Personal Data in:
  - Databases
  - Emails
  - Websites and Web Applications
Comment
It is interesting to note that the PDPC and the CSA referred to resources from the UK Information Commissioner’s Office, the Office of the Privacy Commissioner of Canada and the Office of the Australian Information Commissioner in devising this Security Guide.
The “good practices” recommended by the Security Guide seem to form the backbone of basic protection measures that must be adopted and implemented, and the “enhanced practices” are intended to improve on the basic protection measures. Useful checklists on both the “good practices” and the “enhanced practices” are also included in this Security Guide.
This industry-neutral Security Guide is much anticipated and welcomed. It provides a degree of detail on the best practices that organisations using electronic media to store Personal Data should follow, and provides a good starting point for management to create or enhance the IT security policy of their organisation.
End Notes:
1. https://www.pdpc.gov.sg/docs/default-source/publications-edu-materials/guide-to-securing-personal-data-in-electronic-medium-v1-0-(080515).pdf?sfvrsn=2
For further information, please contact:
Rizwi Wun, Partner, RHTLaw Taylor Wessing
rizwi.wun@rhtlawtaylorwessing.com
Jack Ow, RHTLaw Taylor Wessing
jack.ow@rhtlawtaylorwessing.com