Towards the end of last year The Straits Times reported that 90 per cent of mobile apps in Singapore (including those from banks, telcos, real estate agents and financial advisers) do not adequately comply with data protection laws in Singapore. The concern continues this year in another article in The Straits Times. This topic is important. In today's online world, it is worrying to hear about such a high level of non-compliance. In this post we look at the issues of non-compliance and provide our top tips to help app-makers in 2016.
Why are apps still not in compliance?
There are two key areas where apps are not in compliance:
- Lack of transparency: Apps are not providing app users with clear information about what data is collected and are not obtaining informed consent from app users.
- Data maximisation: Apps are collecting more data than they really need. It doesn't take much of a leap …
Datonomy will be taking a short break over the upcoming UK bank holiday, so here is this week's round up of legal and regulatory developments and other news on cybersecurity from the Datonomy blogging team at Olswang LLP, a little sooner than usual.
UK policy and regulatory developments
- CERT-UK has published its first annual report detailing the major pieces of malware that have operated in the UK over the last year (spread by criminal groups and nation states), a sector breakdown, a review of the Cyber Europe 2014 programme and the Cyber Security Information Sharing Partnership (CiSP), in addition to six predictions for 2015/2016, which include:
  - The supply chain will be hit hard (following supply chain weaknesses exploited in the attacks on US companies JP Morgan, Target and Home Depot, the threat is expected to cross the Atlantic this year);
  - Mobile devices will be a single point of failure for business and …
Singapore's Personal Data Protection Commission (PDPC) has been busy. It has just published a number of new resources to help businesses comply with the Personal Data Protection Act. Here are the three we have identified as having the biggest practical application for companies in Singapore:
- Sample clauses and guidance for marketing consents. For companies collecting data for marketing purposes, these standard clauses will help. They cover a broad range of scenarios, including consent in the context of membership applications and lucky draws, and language for the withdrawal of consent. The PDPC has also published some guidance to support the sample clauses.
- Guide to securing data "in electronic medium". For organisations which store data in an electronic format (so, pretty much everyone), these guidelines list certain specific IT security measures that can be implemented to enhance security, split into "good practice" and "enhanced practice".
- Guide to managing data breaches. The PDPC …