Data Protection Practices for ICT Systems
How to Guard Against Common Types of Data Breaches
Common ICT Gaps in Data Breach Cases | |||||
Coding Issues | Configuration Issues | Malware and Phishing | Security and Responsibility Issues | Accounts and Passwords |
Based on past data breach cases handled by the PDPC, the handbook on How to Guard Against Common Types of Data Breaches identifies the five most common gaps in ICT system management and processes that often results in data breaches. The handbook provides examples and recommendations on good practices that organisations can adopt to plug the gaps and guard against these common data breaches.
Complementing the Handbook, the Checklists to Guard Against Common Types of Data Breaches aims to help organisations review and ensure that policies, technology controls and processes applicable to their business operations have been put in place to avoid the common gaps that often result in data breaches.
Increasing digitalisation has also spurred more organisations to adopt cloud services and platforms. With the security features in-built by the cloud service providers (CSPs), cloud services and platforms are generally more secure than on-premises implementation. Organisations are encouraged to start implementing these to protect personal data in the cloud.
Access the Handbook here | Access the Checklists here | Access the Infographic here |
|
Data Protection Practices for ICT Systems
Proper protection of data in ICT systems requires organisations to put in place relevant data protection practices and measures in 3 aspects:
The PDPC has compiled data protection practices from past Advisory Guidelines, Guides and lessons learnt from past data breach cases that should be adopted by organisations in their ICT policies, systems and processes to safeguard the personal data under their care.
Access the Guide here.
Need Professional Help?
The PDPC has a suite of tools and resources to help organisations implement data protection policies and practices. Find out more below.
Enhanced PDPA for Businesses | |
The enhanced PDPA can help businesses by unlocking opportunities and future innovation, upkeeping and strengthening customers' trust through accountability, as well as innovating with better use of data to provide enhanced product offerings and personalised services to customers. | |
E-Learning Programme | |
Through interactive learning tools, learn the basics about the key terms and organisations' obligations under the PDPA and offer ways in which data protection officers can develop good data protection policies and practices. |
|
PDPA Assessment Tool for Organisations (PATO) | |
A free online self-assessment tool that provide suggestions based on your inputs and recommend resources to help your organisation improve its data protection policies and practices. |