By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
TechgoonduTechgoondu
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Search
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Reading: In Singapore, small companies risk falling afoul of data protection laws
Share
Aa
TechgoonduTechgoondu
Aa
  • Audio-visual
  • Enterprise
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
  • PC
  • Telecom
Search
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Follow US
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Techgoondu > Blog > Enterprise > In Singapore, small companies risk falling afoul of data protection laws
EnterpriseInternet

In Singapore, small companies risk falling afoul of data protection laws

Alfred Siew
Last updated: March 1, 2017 at 4:03 PM
Alfred Siew Published December 30, 2016
6 Min Read
SHARE
A backlit laptop computer keyboard. PHOTO: Colin via Creative Commons
A backlit laptop computer keyboard. PHOTO: Colin via Creative Commons

When Singapore’s data protection laws were put in place in 2012, the main concern among consumers was with the big players – telecom operators, banks and supermarket chains – misusing their private data.

Now, as these companies have toed the line, the focus seems to have shifted to small and medium businesses (SMBs), many of which do not have the know-how or budget to keep on the right side of the law.

The latest to get a slap on the wrist by the government regulator yesterday was Cellar Door, a gourmet food retailer. For having its customer data leaked online in 2014, it was fined S$5,000 by the Personal Data Protection Commission (PDPC).

The penalty may cost no more than a case of fine wine. However, the message from the data protection watchdog is clear – SMBs cannot fail to protect the personal data of their customers.

Many businesses don’t know it, but they are obliged to put in adequate security measures, from the usual lock and key for physical files to encrypting personal data for cyber security.

For failing to install a server-side firewall, close unused ports and implement stronger administrative passwords, Cellar Door’s Web hosting provider also got fined a separate S$3,000.

Therein lies the issue. While it is commendable that the government regulator is taking a tough stance on data protection, it is creating precedents with each fine it metes out.

How often, for example, do IT managers fail to implement strong administrative passwords? Or forget to close unused ports? Too often, if you ask anyone who’s in the industry.

In other words, many SMBs could find themselves in hot water for issues that plague many a company that do not have the technical know-how to keep their data secure.

Think about folks who keep Excel files of customer information in their office server, unencrypted and without a strong password. Will each one be fined if their systems get hacked?

Taking things to the extreme, what about those who install IP cameras that are then taken over by hackers to take down other servers and create mischief? What would the penalty be?

In Cellar Door’s case, neither the company nor its hosting company knows how its data was taken and posted online on the Pastebin website, where sensitive information is often leaked.

That’s hardly surprising. Many SMBs don’t have the technical skills or the knowledge to protect their data adequately. When they get hacked, they could now suffer the double whammy of a fine from the regulator.

There’s no doubt the onus is on them to secure things. Singapore’s cyber security strategy calls for everyone, from home users to large corporations, to reduce their vulnerabilities. A smaller target makes it harder for criminals to strike.

Yet, it is a tough ask for SMBs that have not kept up with the increasingly sophisticated cyber threats today. Who can blame them when even banks and government agencies get hacked despite the best defences?

In a few industries, such as the financial sector, a government regulator may prescribe the strongest measures to hold data secure. However, in many others, there isn’t enough clear guidance.

The PDPC itself lists a number of guidelines, but much of it is understandably generic as cyber security evolves so fast. They call for computer networks to be secure and regular updating of their IT equipment, which are already common sense today, really.

What does this mean to SMBs? Too often, the cyber defences put up is down to what’s called “best effort”. In other words, something is done where possible.

More can be done to get SMBs to better protect their data. Cyber security awareness is great, but SMBs can keep up with new threats with financial help from the government.

In the same way it has encouraged SMBs to take up broadband and other technologies through the PIC (Productivity and Innovation Credit) programme, it can specify that cyber security-related purchases be tax-deductable.

For SMBs, the bottomline counts most. Waving a stick at them might make them worried but not all would know how to respond. How many will pick a cloud service provider that passes the Singapore standard for cloud security, for example?

Sure, SMBs do get training on data protection today. But what’s the use of assigning a data protection officer if there’s no budget to store the data on a reliable cloud provider?

It is clear more SMBs will be hauled up for data breaches in future. Just as important as penalising them is providing the knowledge and incentive to prevent these leaks.

You Might Also Like

Five ways the Roborock S8 robot vacuum will change the way you clean your home

After another DBS outage, is it time to make banks publicly report service uptime?

IT leaders must manage the tension point between application development and security by embracing a DevSecOps approach

SPTel offers multi-network eSIM service to businesses running IoT apps

As TikTok faces a possible ban in the US, should users elsewhere be worried?

TAGGED: Cellar Door, cyber security, data protection, PDPA, PDPC, PIC, SMB

Sign up for the TG newsletter

Never miss anything again. Get the latest news and analysis in your inbox.

By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Alfred Siew December 30, 2016
Share this Article
Facebook Twitter Whatsapp Whatsapp LinkedIn Copy Link Print
Share
Avatar photo
By Alfred Siew
Follow:
Alfred is a writer, speaker and media instructor who has covered the telecom, media and technology scene for more than 20 years. Previously the technology correspondent for The Straits Times, he now edits the Techgoondu.com blog and runs his own technology and media consultancy.
Previous Article Goondu review: Asus ZenBook 3 looks sleek
Next Article E-grocers like Redmart and Honestbee are great but can’t replace supermarket trips
Leave a comment

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

Facebook Like
Twitter Follow

Latest News

Five ways the Roborock S8 robot vacuum will change the way you clean your home
Internet March 31, 2023
After another DBS outage, is it time to make banks publicly report service uptime?
Enterprise Internet March 30, 2023
Xiaomi 13 Pro review: A photography powerhouse with 1-inch image sensor
Cellphones Mobile March 29, 2023
IT leaders must manage the tension point between application development and security by embracing a DevSecOps approach
Cybersecurity Enterprise Software March 29, 2023
//

Techgoondu.com is published by Goondu Media Pte Ltd, a company registered and based in Singapore.

.

Started in June 2008 by technology journalists and ex-journalists in Singapore who share a common love for all things geeky and digital, the site now includes segments on personal computing, enterprise IT and Internet culture.

banner banner
Everyday DIY
PC needs fixing? Get your hands on with the latest tech tips
READ ON
banner banner
Leaders Q&A
What tomorrow looks like to those at the leading edge today
FIND OUT
banner banner
Advertise with us
Discover unique access and impact with TG custom content
SHOW ME

 

 

POWERED BY READYSPACE
The Techgoondu website is powered by and managed by Readyspace Web Hosting.

TechgoonduTechgoondu
Follow US

© 2023 Goondu Media Pte Ltd. All Rights Reserved | Privacy | Terms of Use | Advertise | About Us | Contact

Join Us!

Never miss anything again. Get the latest news and analysis in your inbox.

Zero spam, Unsubscribe at any time.
 

Loading Comments...
 

    Welcome Back!

    Sign in to your account

    Lost your password?