The Ninja Sensei’s Logbook: Unpacking the Protection Obligation

Privacy Ninja
2 min read · Dec 27, 2022


Organisations must be clear on how they can be compliant with the Protection Obligation, the most breached PDPA provision in Singapore.

We already know that the PDPA is a law in Singapore that sets rules for how organisations can collect, use, and share personal data.

One key part of the PDPA is the Protection Obligation, a provision that requires organisations to take reasonable steps to keep personal data safe. This means they have to prevent unauthorised access, collection, use, disclosure, copying, modification, or disposal of personal data.

Make sure to set up reasonable security measures for your organisation!

To determine what security measures are reasonable, organisations have to consider the following:

✅ the type of personal data they possess

✅ the possible harm that could come from unauthorised access or sharing, and

✅ what measures are available to prevent that harm.

What can happen when organisations breach the Protection Obligation: RedMart’s case

In 2017, Singapore-based online retailer RedMart was found to have breached the Protection Obligation when it suffered a data breach that exposed the personal data of over 2 million of its customers.

An investigation by the PDPC found that RedMart had not implemented appropriate security measures and imposed a fine of SGD 72,000 (about USD 53,000). The PDPC also ordered RedMart to implement remedial measures to strengthen its data protection practices.

This case illustrates the consequences of failing to protect personal data and comply with the PDPA.

That is, if an organisation doesn’t follow the Protection Obligation, it could face fines and other penalties. It is therefore important for organisations to understand their responsibilities under the PDPA and make sure they’re protecting personal data properly.

P.S. Got questions or do you need help with your cybersecurity and data protection compliance journey? Don’t hesitate to reach out to your friendly cybersecurity and data protection experts at Privacy Ninja. We are always a text/call or email away!

📱 WhatsApp: +65 8750 4250

📧 email: ninjas@privacy.com.sg

This post first appeared on Andy’s LinkedIn wall.


Written by Privacy Ninja

Privacy Ninja is Singapore’s leading cybersecurity & data protection firm offering the most affordable services, like outsourced Data Protection Service & VAPT.
