As an undergraduate pursuing a degree in Human Resource Management (HRM), I had witnessed the significance of data protection during my work attachment with a MNC. The organisation that I attached to have an annual Information Security Refresher e-Learning course for the employees to go through and be familiarised with all the potential Information Security threats and how such threats can be avoided. Other than that, Information Security e-Learning course is also part of their new hires’ induction program so that they can relate to why the company viewed Information Security as a highly important matter.
Hence, the internship experience had undeniably ignited my interest in data protection and information security which prompted me to join the Data Protection Study Programme when it was being offered. Prior to my internship experience, I had also understood that data protection is vital to upkeep a company’s reputation, since information are considered as critical and valuable assets to a company. Shall there be any data leakage, it will cause serve damage to the company’s reputation and ruined the trust that customers or clients have for the company. Not only so, the data breach could bring inconvenience to individuals who were affected, as their personal information are leaked and could be misused.
For instance, one of the notable data breach incidents was Uber Technologies Inc data breach that caused an exposure of personal information of about 57 millions accounts. In this data breach which happened in 2016, personal information that was stolen by the hackers include the names, e-mail addresses and mobile numbers of Ubers users across the globe as well as the names and license numbers of Uber US drivers. It was being covered up for almost a year as the hackers were paid SGD135,000 to keep secret of the massive breach.
Even though it was stated in the news that Uber users can be rest assured that there was no sign of fraud, however, as an Uber’s user myself in the past before the company withdraw from the Southeast Asia market, it had undeniably shaken my confident for Uber. Yes, there might be no sign of fraud now but no one knows what lies in the future. As consumer, I would definitely be feared if my personal information will be misused for any unappropriated transaction in the future. Hence, it is critical for a stringent data protection policy to be in-place in organisations, especially those in services industry as they will be handling large volume of personal information of their consumers, partners, and/or clients etc. Otherwise, even if the data breach incident did not occur in Singapore, it could still affect consumers like us with the accessibility and convenience of network transmission or data sharing devices in today’s globalisation.
Over the three days of Data Protection Study Program organised by the Straits Interactive and SMU Academy, I had learnt the followings:
· Role of Personal Data Protection Commission (PDPC)
· Selected sections under the Personal Data Protection Act (PDPA)
· Trial usage of Data Protection Management System (DPMS)
· Data Flow Mapping Technique
Besides, I was assigned to a group and did a case study analysis alongside with other students of the program. This case study analysis allowed me to have a better understanding of how DPMS works and how seemingly trivial negligence could blow into a much serious data breached.
Upon graduation, regardless of the industry or position I am at, personal information such as data of employees or clients will be examples of information that I will come across with. Hence, I hope with the knowledge I gained from the program, it will help me to set my foundation right about data protection.
Comments