As noted by the commission, the number of incidents of accidental unauthorised disclosures of personal data has spiked since the pandemic led to more of the workforce working from home. While this should come as no surprise, what is important to note is that such commonplace situations could constitute notifiable data breaches in future, once Singapore's mandatory breach notification law kicks in.
The commission has today issued a guide which highlights frequently encountered situations whereby organisations accidentally disclose personal data to unauthorised recipients. It provides good practice examples for organisations to adopt, including two checklists for the processing and sending of personal data, as well as for the outsourcing of such functions.
This guide highlights good practices for organisations that process and send physical documents or electronic communications containing personal data, be it for their own purposes, or on behalf of and for the purposes of other organisations (e.g. services handling mail merging and enveloping of documents).