We often talk about the threat that cyber criminals pose to businesses, but it’s worth remembering that any organisation is susceptible to data breaches and cyber attacks. In November 2017, Xinmin Secondary School in Singapore reported that hundreds of students’ national registration numbers were leaked online.
You might think that criminal hackers would have little use for children’s ID numbers. They can’t be used to commit financial crime, which is the motive for many attacks, nor can they be used to access sensitive information. However, it’s essential not to downplay the seriousness of any data breach. If this information were paired with other data, criminals could commit identity fraud. Moreover, the breach indicates poor cyber security practices generally, meaning sensitive information could be at risk.
There is also the inherent sensitivity that comes with children’s data. Children have little to no control over the way their data is collected and used, which is partly why most data protection regulations single out children’s data with special requirements.
Schools and other authorities that are governed by Singapore’s Ministry of Education (MOE) are exempt from the country’s Data Protection Act. Instead, they are required to follow public-sector rules, which have not been made public.
A spokesman for the MOE told The Straits Times: “In line with government IT security policies, MOE has stepped up efforts to work with schools and ensure that their security measures continue to be effective.”
Of course, this issue is not unique to Singapore. Schools across the globe, from Australia to the US, have suffered data breaches, evidencing a universal need to address cyber security in the public sector as well as the private sector.
Many organisations in Asia will soon get a wake-up call when it comes to data protection. On 25 May 2018, the EU General Data Protection Regulation (GDPR) comes into effect, introducing and strengthening rules on protecting personal data. It applies to all EU residents, including those who live abroad.
Many schools and other organisations in Asia will be affected by the GDPR, so if you’re not familiar with it, you need to act now. The Regulation includes a lot of complex requirements, so understanding what you need to do and putting in place the appropriate measures will be a long and complicated process.
Those who don’t know where to begin should consider our GDPR compliance consultancy service.
Our team of experienced data protection experts can help your organisation by supplying best-practice solutions, from understanding your GDPR compliance position and developing a remediation roadmap to implementing a best-fit data compliance framework.
The process includes:
- A data flow audit, in which we develop a data inventory and flow map of the personal data stored and shared by your organisation;
- A GDPR gap analysis, in which we assess your compliance with the GDPR and the key areas you need to address; and
- GDPR transition services, which help you develop and implement a robust data protection framework.