The Personal Data Protection Act (PDPA) will be rolled out tomorrow (July 2, 2014), and only one in two organisations claimed that they have implemented measures to comply with the new law.
This is according to an Industry Readiness Survey conducted by the Personal Data Protection Commission (PDPC) between February and April this year.
The PDPA aims to ensure better protection of personal data whereby individuals will have the rights to access their data collected by companies. This includes checking how the company has used it, or how they intend to use it.
On the other hand, companies must protect their customers' data by locking documents, or creating passwords to prevent unauthorised access. Besides that, companies can only transfer customers' data overseas if they have safeguards to protect the data. Companies who break the rules will face a fine up to S$1 million.
More companies to be PDPA-ready
PDPC foresees that the number of PDPA-ready companies will grow over time. Building on this prediction, PDPC has been conducting briefings to educate and raise awareness regarding the PDPA. To date, these efforts have reached approximately 12,000 people, according to a report by Channel NewsAsia.
In addition, the Association of Small and Medium Enterprises (ASME) plans to hold workshops where firms can get hands-on practice in complying with the Act.
However, the ASME commented that not all firms may have the means to implement these measures, which can be costly. It noted that some companies were forking out S$20,000 to S$30,000 each to implement data protection measures.
The PDPC added that the impact on small enterprises would be minimal if they do not generate large amounts of personal information.
Three ways on how businesses can better protect data
In line with the PDPA, Sharat Sinha, Vice President, Asia Pacific for network security company Palo Alto Networks, shared some advice on what businesses should do to protect personal data.
With the proliferation of communication technology, there are now many ways for cybercriminals to attack enterprise networks. Therefore, it is critical for businesses to ensure that their security solution covers all necessary bases, including the network, cloud and end point. "If any one point is vulnerable, it could undermine security in other areas, leaving the network open to attack and increasing the chance of a data breach," he said.
Secondly, it is important for enterprises to ensure that their security solution provides full visibility over network traffic, including its applications, users and content. Sinha elaborates: "Full visibility means that you make no compromises in your security posture, helping to simplify your compliance audits and increasing the productivity of the business by enabling, rather than disabling the use of applications and mobile devices."
Sign up for CIO Asia eNewsletters.