A-Z of data protection: terms you need to know
D
data breach
• confirmed unauthorised disclosure of data
• an incident which compromises the confidentiality, integrity, or availability of personal data in an organisation's possession
data life cycle / information life cycle
• the movement of data in an organisation from collection to disposal or transfer
• the stages of the life cycle include collection, use or processing, storage, disposal, and disclosure or transfer of data
data portability obligation
• upon an individual's request, an organisation must transfer his/her personal data to another organisation in a common machine-readable format
• one of the 11 data protection obligations under Singapore's Personal Data Protection Act (PDPA)
data privacy
• the appropriate use of personal data under the circumstances
• an individual’s right to control the collection, use, and disclosure of personal data, and to live freely from surveillance and intrusion
data protection
• the management of personal data in the information lifecycle, which includes information security
data protection notification obligation
• an organisation must notify both the affected individuals and the regulatory bodies (e.g. PDPC for Singapore, NPC for Philippines) when a data breach occurs, especially when the breach may cause harm to individuals or has affected a large number of individuals
• one of the 11 data protection obligations under Singapore's Personal Data Protection Act (PDPA)
data protection obligations
• the tasks required of an organisation handling any form of personal data, as stated in Singapore's Personal Data Protection Act (PDPA)
• there are a total of 11 data protection obligations under the PDPA, covering both an organisation’s customers and employees
Data Protection Trustmark (DPTM) [Singapore]
• a voluntary certification for organisations developed by the PDPC and the Info-Communications Media Development Authority (IMDA) that demonstrates an organisation’s compliance with Singapore’s Personal Data Protection Act
• assures consumers that the organisation has data protection policies in place to protect consumers’ personal data
• for data intermediaries, the DPTM assures with clients that personal data is being handled responsibly
Data Protection Management Programme (DPMP)
- • A systematic framework to establish a robust data protection infrastructure for organisations
- • Includes policies and processes for the handling of personal data
- • Defines the roles and responsibilities of employees with regards to data protection