Data Security Flashcards
Name the 10 PDPA obligations (CAND|TRAP|P)
Users' rights:
1. Consent obligation
2. Notification obligation
3. Access and Correction obligation
4. Data breach notification obligation
Users' data:
1. Accuracy obligation
2. Protection obligation
3. Transfer limitation obligation
4. Retention Limitation obligation
Others:
1. Purpose limitation obligation
2. Accountability obligation
What is consent obligation? State a feature that can achieve this
The consent obligation means that users must
- consent to the collection of their data and
- withdraw their consent to use the service
Feature: Checkbox to consent / Deletion of account option
What is Notification obligation? State a feature that can achieve this
The notification obligation means that users must be
- notified that their data is being collected and
- notified of what data is being collected and how the data is going to be used
Feature: Notification pop-up informing the user upon sign-up / FAQ page explaining data collection details
What is Access and Correction obligation? State a feature that can achieve this
Access and Correction obligation ensures that users must be able to
- correct their data online and
- request how their data has been used and to whom it has been disseminated; firms are obliged to provide a report within a certain time period
Feature: Edit feature + accounting process + logging systems
What is Data breach notification obligation? State a feature which can help achieve this
Data breach notification ensures that users must be
- notified ASAP when there is a data breach
Feature: Activity logging system to provide a detailed report to users about the breach
What is Accuracy obligation? State a feature which can help achieve this
Accuracy obligation ensures that user data must be
- accurate and what the user intended to input before the data is used
Feature: Data verification and validation techniques
What is Protection obligation? State a feature which can help achieve this
Protection obligation ensures that users' data must be
- protected against potential hackers and attacks
Feature: Firewalls (IDS, IPS)
What is Transfer limitation obligation? State a feature which can help achieve this
Transfer limitation ensures that users' data
- cannot be transferred and stored overseas such that control over the data is lost
Feature: Have programs which flag potential transfers of data overseas and only approve them after a higher-up reviews them
What is Retention limitation obligation? State a feature which can help achieve this
Retention limitation obligation ensures that users' data must be
- removed after users pull out of the service
Feature: Deletion feature
What is Purpose Limitation obligation? State a feature which can help achieve this
Purpose limitation obligation ensures that firms only
- collect and disclose data which a reasonable person will consider appropriate