Data Use and Protection Made Easy

At the Singapore’s Privacy Awareness Week 2022, local and international speakers came together to share insights on how businesses can make the best use of customer data while keeping it secure.

In today’s digitalised world, many consumers will exchange personal data to facilitate online transactions. When we do so, it isn’t uncommon to receive hyper-targeted advertising on social media that almost seems like our devices are listening to every word we say and relaying them to advertisers. In a way, it’s true – with every purchase we make or ad clicks, companies collect a myriad of data, from our preferences to our age and location.

If used responsibly, such data can be a wealth of information that help deliver a more personalised customer experience which unlocks the growth of businesses. However, if personal data is susceptible to a breach, it can end up in the wrong hands and result in consequences that range from financial loss to identity theft.

This year’s Privacy Awareness Week brought together speakers from Singapore and abroad to share best practices in growing business using well-protected data. IMDA and PDPC, too, put forth their subject matter speakers to highlight the available tools and resources that local businesses can tap on.

If you missed the webinars, fret not! Below are the summarised key initiatives that can help your business.

Better Data Driven Business (BDDB) Programme

What it is: A free, easy-to-use business intelligence (BI) tool with built-in data protection practices that converts data into rich insights to support decision-making. It could be applied across five common business objectives:

  • Growing product sales;
  • Acquiring new customers;
  • Retaining and engaging existing customers;
  • Improving HR planning; and
  • Lowering inventory costs.

Speaker: Diane Yeo, Senior Manager for Ecosystem Development and Engagement at IMDA

What she says: “We aim to help businesses, especially SMEs, see the value of having the necessary infrastructure and tools to overcome technical or resource challenges and increase their confidence in using data. Many companies shared that they rely on Microsoft Excel and PowerPoint to generate simple graphs for reporting and do not have any dedicated tool for analysis. The BI tool helps businesses kick-start their journey to derive short-term business value such as analysing customer purchasing behaviour and inventory turnover movements to help them deliver better customer experience and lower inventory costs.

Find out more about BDDB programme here.

Data Protection Practices for ICT Systems

What it is: Self-help resources on the security measures for ICT systems:

1

A handbook that highlights the common types of data breaches and how organisations can guard against them;

2

A guide to Data Protection Practices for ICT Systems with instructions and tips on setting up good practices to manage data responsibly; and

3

Useful checklists to review the strength and security of systems.

Speaker: Edwin Leong, Senior Manager of Policy and Tech at PDPC

What he says: “Data is the new commodity in our digitalised economy—this makes the proper and responsible use of personal data imperative. Businesses must know where the data is, what the risks are and what data to protect. As each organisation’s needs are different, security requirements will be different as well. PDPC has made available a suite of resources for organisations to kickstart their security journey. The security measures such as security procedures, technical measures and incident response plans were carefully designed to address common gaps in ICT and be easily implemented. Ensuring data is well-protected is an on-going journey so businesses should not be afraid to start.”

Find out more about Data Protection Practices for ICT Systems here.

Data Protection Essentials (DPE) Programme

What it is: A programme to support SMEs that collect or use personal data as part of their business operations to acquire a basic level of data protection and security practices. It helps the SME to protect customers’ personal data and recover quickly in the event of a data breach. Designed to be easy-to-implement and holistic, it includes Security Solutions through Start Digital Pack as well as a one-stop professional service to implement basic data protection and security measures.

Speaker: Mr Dominic Ng, Manager of Ecosystem Development and Engagement at IMDA

What he says: “Data protection and data use can be compared to the twin engines of a plane--both must work equally well for the plane to take off. As businesses harness the power of data to remain competitive, they should also protect this valuable data. With increased data collection and use, risk of data breaches also increases. In Singapore, 154% increase in ransomware attacks were reported between 2019 to 20201. Today, a data breach is no longer an “if” but “when”, so SMEs should be prepared with minimally baseline standards. They can do this with the DPE. As they level up on data protection standards and increase their usage of data, they can strive towards Data Protection Trustmark (DPTM) certification to differentiate themselves from their competitors and be easily recognised by consumers as having robust data protection practices.”

Find out more about DPE here.

Guide to Basic Anonymisation

What it is: A guide that provides practical guidance on how to perform basic anonymisation and de-identification of various datasets through a simple 5-step anonymisation process.

Speaker: Mr Sze Toh Kai Siang, Assistant Director of Policy and Tech at PDPC

What he says: “At the recent Singapore Privacy and Data Protection Sharing webinar by ISACA Singapore and IAPP Singapore Knowledge Net, I stressed the importance of data anonymisation as part of an organisation’s data protection regime. It is an effective method to keep personal data safe where businesses can make use of data attributes without identifying information. For example, direct identifiers like phone numbers and names can be removed to keep data anonymous and ensure customers cannot be identified. Applying anonymisation techniques on indirect identifiers like gender and date of birth makes it hard for others to reidentify individuals through combining data with other data sources. These are discussed in the guide, which also highlights useful tips such as replacing numbers with a range or masking data with symbols. It helps businesses to manage risk of a data breach and reduce unauthorised disclosure of customers’ data.”

Find out more about Basic Anonymisation here.