88 Privacy Breaches to Beware Of

Book Description

Data protection laws are new in Singapore, Malaysia and the Philippines. Indonesia and Thailand will be introducing new laws in 2016. In the European Union, the General Data Protection Regulation (GDPR), a single law across all of the EU, is expected to come into force from 2018. There are also strict laws in the US that govern the processing of personal data. Over a hundred countries in the world have a comprehensive data protection law, and it is very easy for individuals and companies to breach these laws. Data or privacy breaches are on the rise and businesses can be prosecuted under data protection laws. Fines for non-compliance can be from S$1 million in Singapore, up to three years' jail in Malaysia, and up to 4% of global revenues for EU countries. The focus of this book is operational compliance. The book is for everyone, as all of us process personal data in the course of our daily work. Organised into sections, each idea provides practical advice and examples of how a breach of the law may happen. Examples cover HR, Finance, Admin, Marketing, etc., allowing the reader to relate to his or her own area of work.

Table of Contents

  1. Cover
  2. Title
  3. Copyright
  4. Contents
  5. Foreword
  6. Introduction
  7. Glossary
  8. Section A: Governance & Information Asset Management
    1. 01. Data protection: don’t forget that it is also physical
    2. 02. Investigated by a regulator? Will it find only good – or some bad?
    3. 03. Designing privacy into information systems and processes
    4. 04. Is document classification really necessary?
    5. 05. You can delegate the task but not the responsibility
    6. 06. We don’t get any complaints so that’s good, right? Well, maybe not.
    7. 07. What if your warehouse loses personal data belonging to your organisation?
  9. Section B: Collection of Personal Data
    1. 08. Are your sales and service counters compliant with the data protection law?
    2. 09. Common mistakes of voluntary welfare organisations
    3. 10. Photo and video images – including CCTV – can be personal data too
    4. 11. Data protection reservations about reservations – risks for restaurants
    5. 12. Safeguarding privacy during data collection
    6. 13. Lucky draws – do you need to know so much about me?
    7. 14. Excessive collection of personal data in a sales engagement
    8. 15. Excessive collection of personal data in an online membership form
    9. 16. Is your public WiFi service collecting excessive personal data?
    10. 17. Organisations, mobile apps and the data protection law
    11. 18. Over-collection of personal data: “This is our company policy” is no longer acceptable
    12. 19. The trouble with overzealous sales and marketing techniques
    13. 20. The trouble with poaching ex-customers
    14. 21. Review your employment application form before it’s too late
    15. 22. Shhhh… Speak softly for privacy’s sake
    16. 23. The trouble with third-party sources… of personal data
    17. 24. Personal data and warranty cards: tips for the customer care team
    18. 25. Watch out – your security post may not be secure
    19. 26. No, giving a purpose for collecting excessive personal data may not avoid trouble
    20. 27. Signing visitors into your premises – what does that do to your privacy programme?
  10. Section C: Usage of Personal Data
    1. 28. Anonymising personal data – but is the individual really not identifiable?
    2. 29. Beware of secondary usage of personal data
    3. 30. How securely is the information baton passed in your organisation?
    4. 31. Importance of controlling document access and duplication
    5. 32. Bad things happening with documents and personal data
    6. 33. Paper documents – the Achilles heel for organisations
    7. 34. The perils of file exchange and sharing
    8. 35. Publicly available data – is it really free to use?
    9. 36. Secrets and dangers of using a digital copier
    10. 37. Using personal data from unclear or unauthorised sources
    11. 38. Watch your spreadsheet – spreading personal data in a data breach
    12. 39. “With great power comes great responsibility” – access to employee personal data
  11. Section D: Data Accuracy & Integrity
    1. 40. Identity verification – the wrong way
    2. 41. Identity verification – the right way
    3. 42. The trouble with processing personal data inaccurately
    4. 43. Process personal data accurately or face unintended consequences
    5. 44. The trouble with a poor customer verification process
    6. 45. Trusting organisations for the accuracy of our transaction data
    7. 46. Hitting the “send” button and regretting it
    8. 47. Where data accuracy goes beyond correctness
    9. 48. Your identity card number – a prime vulnerability for personal data breach
  12. Section E: Physical & Environmental Security
    1. 49. Clean desk way to data privacy
    2. 50. The dangers lurking in public computer terminals
    3. 51. Open office, open invitation to snoop
    4. 52. Remember to clear out
    5. 53. Smart devices – new challenges for data privacy
  13. Section F: Security, Storage, Retention & Disposal of Personal Data
    1. 54. Do you value privacy on your mobile devices?
    2. 55. Guess what I found when I sent my notes for photocopying?
    3. 56. Lock it or lose it
    4. 57. Lost and found – selfies in your mobile phone
    5. 58. Operational compliance: the importance of the human factor in preventing data breaches
    6. 59. Out of sight, out of mind
    7. 60. Sending sensitive documents – learning from data breaches by law firms
    8. 61. The pack rat syndrome – and how it can bite you
    9. 62. Beware – don’t ever lose or misplace your USB drive or other portable storage device
    10. 63. Call centres – a treasure trove of personal data
    11. 64. Do you trust the PC repairman with your personal data and other confidential information?
    12. 65. Mishandling physical documents containing personal data can get you into trouble
    13. 66. The data protection law also applies to freelancers
    14. 67. Do you do regular email housekeeping?
    15. 68. Beware of your laptop or home computer
    16. 69. Beware when connecting to public WiFi – don’t trust the postman!
    17. 70. Digitising may be efficient, but don’t forget the hardcopy
    18. 71. Don’t be social engineered!
    19. 72. Think that you will never be a victim of cyber theft? Think again!
    20. 73. A-tearing we will go
    21. 74. Is that your name, address, phone number in the dump?
    22. 75. Whatever happened to your unwanted computers and portable devices?
  14. Section G: Disclosure of Personal Data
    1. 76. Do agents and service providers get too much personal data?
    2. 77. Be warned – when it comes to dismissals, resignations and employee warnings
    3. 78. Complaints about complaints – the problem with disclosing personal data
    4. 79. Does your notice board contain personal data?
    5. 80. CCTV footage – to show or not to show… and to warn?
    6. 81. Don’t disclose employees’ personal data without consent, even with good intent
    7. 82. Landlords beware! You too can get into trouble
    8. 83. People know more about you than you realise
    9. 84. Take requests for personal data seriously – or else
    10. 85. Uploading videos to social media may be fun to some but not to others
    11. 86. Watch what you say about your employees or clients
    12. 87. You leave behind more than your footprints and fingerprints
    13. 88. Organisations disclosing personal data to third-parties – proper consent sought?
  15. Final Thoughts
  16. Acknowledgements
  17. About the Authors
  18. Index