Data Protection Tips for Organisations During a Pandemic (Singapore Case Study)

COVID-19 has changed almost every aspect of life, even the way people do business. It has also caused investors and consumers to make more conservative lifestyle changes. This also created a significant impact on organisations across various industries.

That said, it has become crucial for organisations to have measures that can safeguard them against further negative impacts like remediation costs, regulatory fines, additional manpower strains, loss of reputation, and financial resources to cooperate or handle investigations.

Fortunately, those who want to know advanced data protection techniques can participate in the Advanced Certificate in Data Protection Operational Excellence. It comprises five modules that cover operational aspects in information security and data protection.

Participants are awarded the Advanced Certificate in Data Protection Operational Excellence once they have completed five modules and attended the 12-day training. The course is designed for compliance managers, data protection officers, and individuals with data protection responsibilities.

Top Data Protection Tips for Organisations During a Pandemic

Ensure you are up-to-date with the regulatory advisories.

The Singapore Personal Data Protection Commission (PDPC) issued an advisory on the collection of NRIC numbers for contact tracing purposes related to COVID-19. Office visitors are informed that personal data will be collected for contact tracing purposes.

Unfortunately, some organisations simply copy what others have done even if it’s outdated or misguided. For instance, it is not uncommon for organisations to seek consent to use, disclose, or collect personal data even if the PDPC has already stated that it is not required.

The problem in similar scenarios is consent given can be withdrawn. That said, everyone is urged to check PDPC’s website for the most updated and accurate situation. This will enable you to be better equipped to instill greater confidence in staff, partners, and customers and respond to related enquiries correctly.

Use technology to address new requirements.

Recording visitor information through registration forms at entrances is one of the measures adopted by many organisations in the wake of COVID-19. However, it was observed that there are many consequential personal data risks. Some of the risks include deleting data when it is no longer required.

This is especially important since the NRIC numbers may be collected and should not be used for other purposes when it is handed over to another department. Moreover, there are also possible health risks. For instance, some officers are worried there would be droplets on the pen or on the registration itself.

A quick fix would be to adopt QR-code empowered registration forms. Another benefit would be eliminating logbook use and the risk of disclosing personal data to visitors that also sign the logbooks. Fortunately, organisations nowadays can look for QR generators online from reputable sources. They can be very affordable and some can be used for free.


Train your staff how to properly identify and respond to scams

In Singapore, there are scammers that impersonate Ministry of Health (MOH) officers to ask for financial information from individuals. Some phishing emails have also been sent to corporate accounts. Some are also sent to individuals and they are asked to forward the emails to their contacts. In the process, malware is introduced into the IT systems.

It is recommended that organisations consider communicating such risks to their employees and check with the vendor or IT department if the current IT measures being implemented are sufficient.

It is also important to remember that corporate emails that are compromised due to phishing emails have the potential to cause massive damage—it can result in a compromise of the organisation’s internal servers. Hence, it can also compromise the entire IT system of the organisation.