The Ninja Sensei’s Logbook: Of Near-Breaches And Data Protection Red Flags

Privacy Ninja
2 min read · Aug 30, 2022

Of near breaches and data protection red flags
Data protection red flags in our organisation must be addressed as soon as possible, as these are data breaches waiting to happen.

Data protection breaches do happen even in the most secure of environments, but the chances of these incidents coming to pass are especially high when red flags are ignored and near-breaches are taken lightly.

One of the organisations involved in this month’s cases saw the red flags but didn’t mitigate early, leading to the near-breach incident.

The impact of a data breach

Organisations must remember that when a data breach happens, they are at risk of suffering from the following:

✖️ Reputational loss

✖️ Loss of trust from customers and potential future clients in giving their personal data

✖️ Income loss due to halted business operations, not to mention that the organisation could also be penalised by the PDPC for failure to put reasonable security arrangements in place to avoid breaches. The financial penalty could be up to 1 Million SGD.

The PDPC decisions and undertakings in August are up, and there’s a lot to unpack and take note of for better data protection compliance of every organisation in Singapore. For this month, no financial penalties were imposed, and only a warning was served.

This month’s decisions and undertakings cover the following:

✔️ Direction given to Budgetcars

✔️ Undertakings to be followed by “K” Line, “K” Line Ship Management (Singapore), and “K” Line (Singapore), Inmagine, and The National University of Singapore Society.

What to take note of

This month’s cases emphasise the importance of having strong cybersecurity safeguards and policies in place to ensure that the organisation’s personal data is not accessible to malicious actors.

This includes:

👉 Implementing multi-factor authentication for all to prevent unauthorised access.

👉 Conducting regular security reviews to ensure an organisation’s website or database has reasonable security arrangements in place.

👉 Strengthening an organisation’s data protection policies to eliminate any security gaps and avoid SQL injection attacks.

👉 Having robust IT access controls and utilising unique accounts and passwords.

What can we get from these cases?

While it is true that this month’s cases do not contain a financial penalty, the organisations involved are not safe from the other consequences that accompany a breach.

An active effort in PDPA compliance is still the best way to go. Organisations should not take data breaches lightly and should always avoid being complacent about their cybersecurity hygiene.

P.S. Got questions or do you need help with your cybersecurity and data protection compliance journey? Don’t hesitate to reach out to us. We are always a text/call or email away!

📱 WhatsApp: +65 8750 4250

📧 Email: ninjas@privacy.com.sg

This post first appeared on Andy’s LinkedIn wall.
