Disposing personal data: what you do not know
In Singapore, the Personal Data Protection Act (PDPA) comes into full effect on 2nd July 2014 with new amendments as recent as November 2020. This act governs the collection, use and disclosure of personal data by all private organisations.
Most are aware of the collection and use of personal data, and its implications. However, it is the disposal of such information that is equally important but given less emphasis. According to the PDPA, failure to properly dispose of such information can lead to fines as high as SGD$1 million.
What is personal data?
To define personal data, it is data to identify a specific individual directly or indirectly. Examples of personal data include an individual’s full name, NRIC number, passport number, photograph, video image, personal telephone numbers, personal e-mail addresses, fingerprints and DNA profile.
Since personal data are stored mainly either in physical or electronic copies, it is imperative that organisations take reasonable steps to secure such information in both forms, such as ensuring physical documents are properly filed and kept in locked cabinets, and electronic documents are encrypted with passwords. Eventually, when it comes to disposing of such information, is it sufficient to throw the physical documents into the bin? Or simply press delete to remove all electronic documents into your computer’s recycle bin?
How do you dispose of them?
The recommended ways to dispose of physical media is by shredding, pulping or incineration.
- Shredding cuts the physical medium into tiny pieces making reassembling the medium almost impossible. It is also the most common way of disposing in most offices as shredders are easily available.
- Pulping is to remove the ink from the paper and then dissolving the paper into a pulp with chemicals. This will require a lot more cleaning up thereafter than simply putting the document through a shredder.
- Incineration basically burns the physical medium completely, again not the safest or most convenient option around an office.
For electronic media, it is not sufficient to press delete and clear the computer’s recycle bin. The recommended ways are
- Using dedicated software that can overwrite selected files or entire storage drives.
- Using special hardware appliances to produce strong electromagnetic fields in order to destroy magnetically recorded data
- Physically destroying the storage devices by crushing, drilling or breaking them beyond repair
If you think your personal data has been compromised, seek legal advice or approach us for a non-obligatory discussion.
Download the Telegram app and follow us for the latest updates: https://t.me/sgcompanyservices