THE Personal Data Protection Commission (PDPC) has proposed a framework which would ensure that, in the event of a personal data breach where there was a risk of impact or harm, companies would have to inform the affected individuals as soon as possible. Under the proposed mandatory data breach notification (DBN), in case of breach incidents that involve 500 or more individuals, the affected organisations would have to notify the PDPC within 72 hours of the incident, in addition to all the cases where there is risk of harm to affected individuals. This would allow PDPC to better ascertain the level of risk and manage data breaches at the national level. PDPC said the mandatory DBN measure would allow affected individuals to take steps to protect themselves, like changing passwords or cancelling credit cards, depending on the nature of the breach. It would also allow the organisation to receive guidance from PDPC on post-breach remedial actions. Places such as Australia, Canada, New Zealand, UK, the US and the European Union have either already implemented a DBN framework or are looking to introduce it. The mandatory DBN is among a series of measures proposed to improve Singapores data protection framework while ensuring that the data can be shared in a safe and secure manner in the growing digital economy. Speaking at Singapore's Personal Data Protection Seminar on Thursday, Minister for Communications and Information Yaacob Ibrahim said the PDPC has charted a threestage process to help companies along a journey from compliance to accountability. In the first stage, the PDPC will be introducing, later this year, an online assessment tool and will be producing guides to help companies put in place a Data Protection Management Programme (DPMP) and help businesses conduct Data Protection Im-BUS354 Copyright 2019 Singapore University of Social Sciences (SUSS) Page 3 of 6 Examination January Semester 2019 pact Assessments (DPIAs). During the second stage, the minister said, a Data Protection (DP) Trustmark certification scheme would be launched by the end of 2018. A survey by PDPC last year found that four in five consumers would be more confident transacting with an organisation that has an accreditation for meeting personal data protection standards. In the third stage, the minister added, there is a plan to allow for a more progressive approach to collecting and using personal data, while also providing greater transparency when data breaches occur. Talking about Singapores participation in the APEC Cross-Border Privacy Rules System (CBPR) and Privacy Recognition for Processors (PRP) system, he noted that this would align the DP Trustmark standards with this system. Companies that obtain the DP Trustmark standards would concurrently be certified under the APEC CBPR. (Adapted for academic use. Data protection panel proposes mandatory notice of breaches, The Business Times Friday 28 July 2017. Accessed on 13 March 2018.)

Question:

In view of the plans of the PDPC to make firms more accountable in the event of any data breach, analyse the five (5) key privacy issues that must be addressed to prevent the abuse of customers particulars.

Use these notes to answer the question

Key Privacy Issues To prevent abuse of customers particulars, some of the important privacy issues marketers must take note of are: 1. What do we need to know to serve a customer better and increase his/her value? 2. What information do we really need in order to know that? 3. Once we get that information, how do we balance distribution at the front lines with the need to protect a customers privacy? 4. What are the limits on how we will share or distribute data? 5. How will we protect and secure the data?