TRS Forensics Technology Risk Security Forensics
Personal Data Protection Updates

On 11 November 2021, the Personal Data Protection Commission ("PDPC") released 2 decisions relating to the Personal Data Protection Act ("PDPA"). At TRS, we have summarised these cases for your convenience as follows:

| Organisation(s) / Cause of Data Breach | Outcome | Key Lapse: Technical | Key Lapse: Process | Key Lapse: People |
|---|---|---|---|---|
| Giordano Originals (S) Pte Ltd (Decision): ransomware infection | No breach | | | |
| Commeasure Pte Ltd (Decision): unauthorised access and exfiltration of personal data hosted in cloud database | $74,000 penalty | X | X | X |
| Total (November 2021) | | 1 | 1 | 1 |

Learning Points:

Many organisations have wondered whether it is possible to suffer a data breach and yet not be in breach of the PDPA. The case of Giordano shows that this is possible if reasonable security measures are in place. This is because an organisation that has reasonable security measures is able to promptly and extensively mitigate any effects from a data breach and minimise any risks to its business and operations.

Possible security measures which your organisation can implement include:

  1. Install and deploy endpoint security solutions, and systems to monitor for any Internet traffic abnormalities.
  2. Conduct regular system maintenance, reviews and updates (such as vulnerability scanning and patching).
  3. Regularly and automatically back up data so that your organisation can quickly restore operations from the backed-up data following a breach.
  4. Protect stored personal data using industry-standard encryption so that any data breached remains illegible without decryption.
  5. Permanently dispose of personal data which has passed its retention period and is no longer required for any legal or business purpose.
  6. Conduct regular staff training on data protection, including phishing simulation exercises.

You may also contact us at infotrs@trsforensics.com for a non-obligatory discussion on how we can assist you to strengthen your organisation's data protection processes and controls.

The content of this newsletter is for general information only and does not constitute advice to you. Readers are encouraged to contact us, TRS, at infotrs@trsforensics.com to obtain advice tailored to their particular circumstances. All discussions will be confidential and non-obligatory.

Copyright © TRS Group of Companies. All rights reserved.
90, Lorong 23 Geylang
Agrow Building, #05-01
Singapore 388393