88 PRIVACY BREACHES TO BEWARE OF
This book is exceptional on a number of levels. Well-written and logically constructed, it draws upon the experience of the authors to provide a roadmap for addressing day-to-day privacy issues at a pragmatic level. The book is directed primarily at people in business who have a responsibility for handling information, and provides direction in the form of guidelines, checklists and practical examples. Although aimed primarily at laypersons, lawyers will also find this book extremely useful as a means of advising their clients as to how best to achieve legal compliance. The book is quite unique in the approach it adopts, and should prove to be an invaluable addition to the library of anyone involved in or even just interested in the adoption of best practice in the handling of data in the information age.
Gordon Hughes, Partner, Davies Collison Cave, Melbourne, author of Data Protection in Australia, and co-author of Private Life in a Digital World
Much has been written previously for compliance officers, privacy professionals and lawyers about data protection laws in Singapore, Malaysia and the region. But this handbook is for the layperson, easy to read and practical. It fills in many gaps and answers many questions about how to comply with the law as well as the dos and don'ts in day-to-day business operations. Now that I've seen it, I wonder why something like this wasn't produced years ago. There is now no reason why anyone involved in processing personal data should say that they don't know what to do to protect the personal information of those under their care.
Professor Abu Bakar Munir, author of Data Protection Law in Asia, Professor of Law, University of Malaya, and Associate Fellow at the Malaysian Centre for Regulatory Studies (UMCoRS)
This book achieves a rare feat: making personal data protection practical, understandable and actionable. It is a valuable resource for marketers at all levels, and we recommend it as a reference to all our members.
Lisa Watson, Chairman, Direct Marketing Association of Singapore
In this book, Shepherdson, Hioe and Boxall do three things very well. First, they focus on the very important topic of personal data protection and data privacy, and clarify how data protection, information security and data privacy protection are interrelated. Second, they explain data protection and privacy in the context of how real-world organisations actually function and how people get their work done on a day-to-day basis. This makes it easy for any type of administrator, professional, manager or executive to understand the contents of this book and relate to it. Third, from the perspective of education, learning and cognition, this book is designed in a very clever way so that it is delightfully fast and easy to find exactly what you are looking for, and to grasp what you need to understand about whatever specific aspect of data protection and privacy you need to clarify. As such, this book can be used as a handy on-demand reference at the time of need. Or, you can read it cover to cover, and then keep referring to the relevant chapters on-demand as the need arises.
Professor Steven Miller, Dean, School of Information Systems, Singapore Management University
As discussed in this book, taking an operational compliance approach is the responsible and most effective approach to achieve ongoing and demonstrable compliance while minimising the chances of a breach. This book provides an excellent review of privacy by looking at the principles of privacy from the perspective of an information life cycle. This perspective provides a structure to enable truly practical guidance, and as you can ascertain from the title of the book, it delves into privacy at a granular level, providing structured guidance to privacy professionals.
Terry McQuay, CIPP, CIPM, President, Nymity Inc.
This book helps provide real-life illustrations to walk business leaders through the choices they will have to make in designing their products, services and processes whilst keeping privacy in mind. As being reasonable is one of the requirements in the PDPA (Personal Data Protection Act), it is no longer just about obtaining consent, but knowing how to properly balance privacy obligations with business desires.
Ken Chia, Principal, Baker McKenzie. Wong & Leow
© 2016 Kevin Shepherdson and Marshall Cavendish International (Asia) Pte Ltd
Published in 2016 by Marshall Cavendish Business
An imprint of Marshall Cavendish International
1 New Industrial Road, Singapore 536196
All rights reserved
No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the copyright owner. Requests for permission should be addressed to the Publisher, Marshall Cavendish International (Asia) Private Limited, 1 New Industrial Road, Singapore 536196. Tel: (65)6213 9300. Email:
The publisher makes no representation or warranties with respect to the contents of this book, and specifically disclaims any implied warranties or merchantability or fitness for any particular purpose, and shall in no event be liable for any loss of profit or any other commercial damage, including but not limited to special, incidental, consequential, or other damages.
Other Marshall Cavendish Offices:
Marshall Cavendish Corporation. 99 White Plains Road, Tarrytown NY 10591-9001, USA
Marshall Cavendish International (Thailand) Co Ltd. 253 Asoke, 12th Flr, Sukhumvit 21 Road, Klongtoey Nua, Wattana, Bangkok 10110, Thailand
Marshall Cavendish (Malaysia) Sdn Bhd, Times Subang, Lot 46, Subang Hi-Tech Industrial Park, Batu Tiga, 40000 Shah Alam, Selangor Darul Ehsan, Malaysia.
Marshall Cavendish is a trademark of Times Publishing Limited
National Library Board, Singapore Cataloguing-in-Publication Data:
Name(s): Shepherdson, Kevin Linus. | Hioe, William, author. | Boxall, Lyn, author.
Title: 88 privacy breaches to beware of : practical data protection tips from real-life experiences / Kevin Shepherdson, William Hioe & Lyn Boxall.
Description: Singapore : Marshall Cavendish Business, 2016.
Identifier(s): OCN 945629116 | eISBN 978 981 4751 72 8
Subject(s): LCSH: Data protection. | Business--Data processing--Security measures. | Computer security.
Classification: LCC HF5548.37 | DDC 658.478--dc23
Printed in Singapore by Fabulous Printers Pte Ltd
Foreword
by Dr Toh See Kiat
In 1980, the OECD formulated its eight principles of data protection. In 1984, the UK came out with one of the first pieces of legislation in the world that dealt with data protection. I was in London in 1985, starting on my PhD in cyberlaw. You can imagine that it was an exciting time to begin research and study in this new legal milieu. In 1991, I obtained my PhD, the year the English Court of Appeals (in the case of Kaye v Robertson [1991] FSR 62) denied that there was a common law right to privacy.
The European Union came out with its data protection Directive in 1995 and this resulted in the UK reforming its law with the passing of the Data Protection Act 1998. I remember there was much excitement on this topic in Southeast Asia too as Malaysia and Singapore went neck to neck on moves to be the first SEA country to enact a data protection law. I remember that my former Parliamentary colleague, Professor Chin Tet Yung, even went as far as drafting a Data Protection Act for Singapore. Why, you may ask, did Singapore then take 32 years to introduce data protection laws when for the most part it has been running with the head of the pack in legislation to support an IT-savvy Smart Nation?