Data Privacy protection breaches rise significantly

This issue was raised by National Privacy Commission Chairman Raymund Liboro very recently. He added: ‘One of the biggest concerns in the Philippines is business data negligence where data breaches due to carelessness happen.

‘Being hacked is not a crime, but being negligent is: To demonstrate what is happening here and elsewhere, I would like to focus on recent developments in Singapore where an increasing number of enforcement actions were initiated due mostly to common mistakes in failing to protect personal data.

As of the end of August 2019, there were 26 organizations that were either fined or warned in enforcement cases as compared to 23 organizations recorded in the full year of 2018.

This represents a 13% increase in enforcement action by the Personal Data Protection Commission (PDPC). A total of S$1.28m (Pesos 48.4 million) in fines have been issued to date this year, the majority of which came from fines imposed because of the SingHealth-IHIS data breach.

Let’s have a look at the Top 10 Common Causes of PDPA Breaches

1. Untrained staff

2. No data protection policies

3. Inadequate security controls

4. Lack of appropriate SOPs

5. Weak passwords

6. Poor system/software design

7. Sending to wrong recipients

8. Failure to verify the accuracy of processed data

9. System security not audited regularly

10.Error in processing/printing

What sectors were affected by breaches mostly?

Top 5 Industry Sectors

1. Financial (14%)

2. Retail (14%)

3. Volunteer Welfare Organizations (10%)

4. Professional Service (9%)

5. Food & Beverage (9%)

What were the Top Breaches?

1. Protection (80%)

2. Policies (17%)

3. Consent (16%)

4. DPO compliance 11 (9%)

5. Purpose Limitation(8%)

Let me add a recent statement of NPC Chairman Liboro:

The NPC is currently conducting ‘privacy sweeps’ on company mobile apps and websites by sector. This is anchored on transparency checks whether companies are being transparent in telling how they use personal data.

As compliance is such a strategic issue it deserves top management’s utmost and undivided attention, and willingness to make resources, like automation tools, available.

Looking at the development in Singapore and the plans of NPC’s Chairman Liboro, it is pretty clear that you and your company will not get away with negligence in data privacy protection in future! You better act now.

As I have mentioned before, there are tools available to assist you / your companies to prepare for data privacy breaches. If you were to employ those, you can effectively show to NPC that you were not negligent and consequently you should not be fined. If assistance is needed, email me at [email protected]