We had the privilege recently to conduct our PDPA Assessment Training to Tropicana Medical Centre – to almost 40 people over 2 sessions. We touched on several topics, including a live demonstration of using software for hacking and personal data collection through the internet. Furthermore, we went through the Personal Data Protection Act – and more importantly how to implement into companies.
Each companies have different implementation – each has different DNA and risk profile. The important thing is not to just use PDPA Act as a blanket implementation, but tie the requirements of PDPA (or the spirit of it, as we say) to known standards – the General Accepted Privacy Principles (GAPP) from AICPA and the Health Insurance Portability and Accountability Act (HIPAA), as well as the well known ISO27001 and PCI-DSS for IT controls.
IT Controls are generally important to the implementation of PDPA due to the fact that in most companies, information has been digitised and stored in some database or some logical storage (as opposed to metal cabinets as days of old).
Aside from those, we went through a very useful demonstration of Alien Vault, as a way to control assets, secure the network and monitor traffic to ensure information is not breached.