Data protection by Djenee
Data Protection for Security Systems and Cyber Security Integration
With the arrival of the new Personal Data Protection Act (PDPA), persons whose data are processed will have more rights. That is why stricter rules have been drawn up for organisations that process personal data and you must ensure that the privacy of the persons whose data you process is guaranteed. Camera and/or access control systems often process personal data..
- 1SECURITY SYSTEMS PROTECT PERSONAL DATA
If you make video recordings for security purposes and people are recognizably portrayed,
then there is personal data that is processed. After all, the video images are collected,
sometimes (temporarily) stored and used to supervise. If your employees gain access to
your business premises with an access pass or tag, the access control system will record
who has been granted access and when. If this is done in your name or with a traceable
identification number, then there is also the processing of personal data.
- 2PDPA: what does that mean for you?
In order to comply with the PDPA with your (existing or new) camera and/or access control
system, you will have to take a number of steps. The most important five can be found
(i) Perform Data Protection Impact Assessment (DPIA)
(ii) Create and maintain a register of processing activities
(iii) Conclude processing agreements with processors
(iv)Technical and organisational measures to prevent risks of privacy violations
(v) Registering data breaches
- 3SECURITY PRIVACY SCAN
Existing security systems sometimes require additional technical and organisational
measures to be taken to ensure that only those data that are necessary for the specific
purpose are processed. Djenee can perform a quick scan for you to determine what additional
measures are needed to comply with the PDPA.
DATA BREACHES AND PRIVACY BREACHES
Our partner, Chakra, adopts a four key steps process In the event that a data breach may happen as recommended by Personal Data Protection Commission Singapore in their GUIDE ON MANAGING AND NOTIFYING DATA BREACHES UNDER THE PERSONAL DATA PROTECTION ACT (15 March 2021).
- To the extent possible, limit the breach by shutting down the relevant systems or limit
access to said systems. If the system in question is operated by a third party.
- If suspected of a criminal offence (i.e. hacker) alert the police to help with
- If privacy or unauthoriSed access to user accounts are detected, disable access to
affected accounts, and de-authorise relevant persistent logins.
- Identify the cause of the breach
- Assess impact
o Cause and extent of breach?
o How many people are affected?
o What are the risks?
o What can be remedied?
o How sensitive was the data involved?
- Following assessment:
o Notify the PDPC if 500+ individuals are affected
o Notify individuals if significant harm is likely
o For example, if they will be unable to access their accounts due to the
containment measures, if their emails are likely known, if their passwords and
cookies are compromised
o Inform them of actions they can take (reset password, clear cookies, etc.)
o Leave contact details
Evaluate and take actions
o Remedy the breach
o Suspend the practice that led to the breach
o Identify areas of weakness (i.e. effectiveness of the containment and
response; corrective actions and response time)
This Data Protection Notice (“Notice”) sets out the basis which The Djenee Corporation Pte.Ltd may collect, use, disclose or otherwise process personal data of our customers in accordance with the Personal Data Protection Act (“PDPA”). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.
The Djenee Corporation Pte. Ltd. © 2022