Data Protection Practices for ICT Systems

A robust and resilient info-comm technology (ICT) system can help to protect against data breaches, thereby building consumer trust in organisations. It is important for organisations to develop good data protection practices in their ICT system and processes to improve their cybersecurity resilience as well as capabilities in data breach prevention.

How to Guard Against Common Types of Data Breaches

  Common ICT Gaps in Data Breach Cases
 Untitled-3-01 Untitled-3-05  Untitled-3-03  Untitled-3-04  Untitled-3-02
 Coding Issues  Configuration Issues Malware and Phishing  Security and Responsibility Issues  Accounts and Passwords 

Based on past data breach cases handled by the PDPC, the handbook on How to Guard Against Common Types of Data Breaches identifies the five most common gaps in ICT system management and processes that often results in data breaches. The handbook provides examples and recommendations on good practices that organisations can adopt to plug the gaps and guard against these common data breaches.

Complementing the Handbook, the Checklists to Guard Against Common Types of Data Breaches aims to help organisations review and ensure that policies, technology controls and processes applicable to their business operations have been put in place to avoid the common gaps that often result in data breaches.

Increasing digitalisation has also spurred more organisations to adopt cloud services and platforms. With the security features in-built by the cloud service providers (CSPs), cloud services and platforms are generally more secure than on-premises implementation. Organisations are encouraged to start implementing these to protect personal data in the cloud.

 Access the Handbook here  Access the Checklists here  Access the Infographic here

Data Protection Practices for ICT Systems

Proper protection of data in ICT systems requires organisations to put in place relevant data protection practices and measures in 3 aspects:

                                    Screenshot 20210906 at 45038 PM

The PDPC has compiled data protection practices from past Advisory Guidelines, Guides and lessons learnt from past data breach cases that should be adopted by organisations in their ICT policies, systems and processes to safeguard the personal data under their care. 

Access the Guide here.


Need Professional Help?

The PDPC has a suite of tools and resources to help organisations implement data protection policies and practices. Find out more below.

an individual  Enhanced PDPA for Businesses
The enhanced PDPA can help businesses by unlocking opportunities and future innovation, upkeeping and strengthening customers' trust through accountability, as well as innovating with better use of data to provide enhanced product offerings and personalised services to customers.
sample E-Learning Programme
Through interactive learning tools, learn the basics about the key terms and organisations' obligations under the PDPA and offer ways in which data protection officers can develop good data protection policies and practices.
 work PDPA Assessment Tool for Organisations (PATO)
A free online self-assessment tool that  provide suggestions based on your inputs and recommend resources to help your organisation improve its data protection policies and practices.