Your personal data is for sale—that’s not news to anyone

In recent years, Singapore’s Personal Data Protection Act 2012 (“PDPA”) has become a hot topic of discussion, due to the rising tendency of keeping sensitive personal data online. The PDPA is important because it protects individuals’ personal data while also acknowledging the necessity for businesses to “collect, use, and disclose” personal data for acceptable purposes.

What you should know about selling customer information

Anyone creating an online store, launching an app, or operating any other online property that may gather user data is unlikely to be unaware of the legal obligations for data privacy at this time. Most websites collect data, even if only through basic cookies that enable correct functionality or through pages that require a login, and this data must be treated with care.

Organizations should think about where their users or customers are located because privacy regulations tend to establish compliance obligations based on location. The CCPA, for example, applies to businesses that have consumers who live in California. It makes no difference whether the corporation is based in the state or has a physical presence there. Similarly, the GDPR protects European Union residents and their data regardless of where the companies collecting their data are based in the world. It is becoming increasingly difficult for any online firm to operate without a global presence.



Companies must also be aware of the compliance parameters of the privacy regulations to which they are subject, such as revenue or customer number thresholds, as previously stated. Depending on the consent model, consumers must opt in before data is gathered, or only before it is sold. Companies that gather data from specific groups such as children must be trained and advised by a skilled lawyer, and must ensure that peripheral operations such as security, storage, deletion, consumer requests, risk assessments, and audits are handled correctly.

Fortunately, compliance with any of the major international privacy laws, particularly well-established and conservative ones like the GDPR, assures that significant work has been done toward attaining compliance with other international regulations, both present and future.

What should you know before handing over your personal data to others?

The consent obligation is the first of the main data protection obligations. In general, the consent obligation requires that an individual or an organization obtain consent before collecting, using, or disclosing personal information about individuals. The PDPA allows for various types of consent, such as deemed consent, in addition to real consent given directly (i.e. verbally accepting or agreeing in writing) by the subject. Where an individual is repeatedly given the choice to opt out of giving consent, this is an example of deemed consent; however, whether the failure to opt out is considered deemed consent also depends on the unique circumstances of each case. Such variables can include how visible and obvious the choice to opt out was.

It is also mentioned that withdrawal of permission cannot be forbidden, but this does not rule out any legal repercussions that may occur as a result of the withdrawal of consent. For example, a stipulation in your agreement with the individual may state that permission is required and that, if it is withdrawn at any time, the organization may stop supplying the individual with the contractually agreed-upon services without this being considered a contractual breach.



How To Protect Yourself Against Identity Theft?

Taking precautions to safeguard your personal information can help you avoid being a victim of identity theft. Here’s how.

First, documents containing personal information should be kept safe.

Keep your financial data, Social Security and Medicare cards, and any other documents containing personal information in a safe place. When you’re ready to get rid of those documents, shred them before discarding them. If you don’t have a shredder, check for a local shred day or blot out account information using a marker.



Be alert to phishing and spoofing.

Scammers can imitate government or company calls, and emails that appear to be official could be attempts to steal your personal information. Rather than replying to a phone call or email, call back or send a separate email using contact details from a known source, such as the official website. Also, avoid attachments, because many of them contain viruses.


Use strong passwords and add an authentication step.

Use a password manager to create and maintain complicated, unique passwords for your accounts. Passwords should not be reused. You can lessen your risk by using an authenticator app. Don’t rely on security questions to protect your accounts; your mother’s maiden name and the name of your pet are both easy to find. Consider what you post on social media to ensure you don’t reveal sensitive information or hints about how you respond to security questions.


Want to learn more about protecting your personal data? Come join our “Fundamental of Personal Data Protection Act 2020” before it is too late. Over 3 days, it can provide you with the fundamental knowledge to safeguard yourself. We hope to see you there.