The push for data privacy regulation has exploded in recent years, with the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) taking center stage. Gartner predicts “ By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today.”
For much of the world, this regulatory shift will have a substantial impact on the way businesses collect and process information. However, organizations carrying out activities involving personal data in Singapore have already been operating under such a framework since the passage of the Personal Data Protection Act (PDPA) in 2012.
The PDPA established a general data protection program, focused on the following key obligations:
Similar to other data protection compliance mandates, the PDPA sets out to address concerns about the unauthorized access and permissions to personal data, as well as placing controls over who has access to it, and what they (and their organization) can do with it. It also aims to empower the end-user to manage and control the use of their personal data.
It’s important to note the PDPA’s applicability and scope. These provisions apply to ALL organizations carrying out activities involving personal data in Singapore, and includes (but is not limited to) the following examples of sensitive personal data:
Data privacy must take into consideration the critical interests of the business. Complying with privacy regulations, like PDPA, should be top-of-mind. All organizations need to consider risks. If you fail to comply, you need to understand the risks your company is willing to take. To understand the risk requires a gap analysis of your legal, regulatory and reputational obligations, and how your organization measures up.
In order to prevent breaches and maintain regulatory compliance, you need:
This will reduce the likelihood of a breach and put you in a more defensible position with regulatory authorities. Secure data infrastructure provides robust data privacy, protection against breaches, and regulatory compliance.
To safeguard private and sensitive data, organizations need technology and policies that prevent unauthorized access to critical or sensitive data and respond to real-time threats. Organizations need less human involvement to achieve effective data privacy. They need more technology that automatically discovers heterogeneous data repositories, determines which repositories have personally identifiable data, and ensures controls for who has access to what. The technology needs to identify the owner of the data, with workflows that allow data owners to review sensitive data and govern access.
Data security can be accomplished without data privacy, but you can’t achieve data privacy without data security. And when it comes to complying with regulations, or protecting against breaches, if you don’t know your data, you won’t know what to do with the data.
Stealthbits provides a range of capabilities that allow users to identify, secure, and report on consumer data and personally identifiable information (PII).
Stealthbits’ StealthAUDIT, a full-fledged Data Access Governance (DAG) solution, can:
Discover Hosts: Identify the different platforms within your network that may contain various unstructured and structured data repositories, to ensure a comprehensive view of your organization’s privacy data footprint.
Discover Sensitive Data: Analyze content for patterns or keywords that match built-in or customized criteria related to customer privacy, and classify that data.
Understand Access Rights: Once sensitive data has been discovered, determine who has access to that data and what they’re doing with it.
Perform Remediation Actions: Automate all or portions of the tasks you need to perform to demonstrate compliance with data privacy regulatory standards, including responding to Data Subject Access Requests (DSARs) and deletion or archival of stale data.
IDENTIFY THREATS. SECURE DATA. REDUCE RISK.
Stealthbits Technologies, Inc. is a customer-driven cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data. By removing inappropriate data access, enforcing security policy, and detecting advanced threats, our highly innovative and infinitely flexible platform delivers real protection that reduces security risk, fulfills compliance requirements, and decreases operational expense.
The Stealthbits logo and all other Stealthbits product or service names and slogans are registered trademarks or trademarks of Stealthbits Technologies, Inc. All other trademarks and registered trademarks are property of their respective owners.
Adam Rosen serves as Vice President of Data Access Governance at Stealthbits – now part of Netwrix. An expert on managing and securing unstructured data, Adam has helped organizations of all sizes implement controls and policies to meet security, compliance, and efficiency objectives. In his current capacity at Stealthbits, he manages the industry-leading StealthAUDIT suite that enterprises around the world depend on to defend their most critical information.
Proper data security begins with a strong foundation. Find out what you're standing on with a free deep-dive into the security of your Structured and Unstructured Data, Active Directory, and Windows infrastructure.Read more
Start a Free Stealthbits Trial!
No risk. No obligation.