
Singapore certification for data protection officers

The Straits Times | Irene Tham | Monday, Mar 13, 2017

Participants work on various challenges of the Singapore Cyber Conquest during the Government Software Conference at the Suntec Singapore International Convention and Exhibition Centre.

Photo: The Straits Times

Singapore's privacy watchdog is developing a local certification programme for data protection officers (DPOs), whose job is to better equip companies for a digital future in which more and more data must be protected.

Besides equipping DPOs to do a better job, it is hoped that the certification programme will also give more recognition to the role and attract more people to take it up.

Experts estimate that there will be more than 10,000 DPO jobs here over the next three years.


Mr Tan Kiat How, commissioner of the Personal Data Protection Commission (PDPC), which was set up by the Ministry of Communications and Information in 2013, told The Straits Times: "Certification will accord DPOs with professional recognition and equip them with the skills and knowledge to better carry out their responsibilities."

Mr Tan said details would be revealed in a later announcement.

The Straits Times understands that the local certification programme will be cheaper than an international one available today.

So far, only 100 DPOs here are certified by the International Association of Privacy Professionals, a not-for-profit organisation based in the United States, said local data protection software firm Straits Interactive, which conducts the training here. Certification costs more than $1,000, even after a 70 per cent government subsidy.


Also, based on the PDPC's survey of 1,513 organisations between March and June last year, only about 40 per cent of organisations here have a DPO on their payroll.

This is despite the appointment being mandated for all organisations by the Personal Data Protection Act, fully enforced in July 2014.

A DPO ensures that organisations safeguard against the wrongful collection, use and disclosure of personal data for marketing, which is required by the law.

Mr Chan Yew Kee, head of development at the Association of Small and Medium Enterprises, told The Straits Times that the 40 per cent DPO rate has not improved much today, as many companies have little understanding of the law.


Ms Lyn Boxall, director of boutique fintech advisory law firm Lyn Boxall, said a DPO looks at the process, whereas an IT manager looks at systems. "It is the DPO's job to vet the process of data flow internally and with third parties, and ensure that there are reasonable security measures in place," she said.

Over the past 2½ years, Singapore's privacy watchdog has responded to complaints and hauled up 26 organisations - including well-known brand names - due mainly to the lack of protection measures for consumer data. They include not protecting sensitive data with a password and not rectifying security flaws on websites or in computer systems.

Organisations that fail to protect personal data can be fined up to $1 million per breach under the Act.


Dr Lim Lai Cheng, executive director of SMU Academy at the Singapore Management University, said data protection "must be handled at the management level".

The Singapore Government's push for more organisations to turn data into an asset, such as analysing consumer buying patterns to recommend more relevant future promotions, will create demand for more DPOs to address privacy issues, she added.

As of last month, some 118 DPO or data protection-related positions were posted on job sites such as JobStreet, Monster and LinkedIn.

Said Mr Kevin Shepherdson, chief executive officer of Straits Interactive: "We are expecting a significant increase in demand for data protection skills once heavier fines are imposed and as new laws in the region and the European Union are introduced over the next year or so."


This article was first published on Mar 13, 2017.