Personal Data Protection Act

The purpose of Personal Data Protection Act is to govern the collection, use and disclosure of personal data by organisations in a manner that recognises both the right of individuals to protect their personal data and the need of organisations to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.

Overview

What is Personal Data?

Personal data refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access. Personal data in Singapore is protected under the Personal Data Protection Act 2012 (PDPA).

What is the Personal Data Protection Act?

The PDPA establishes a data protection law that comprises various rules governing the collection, use, disclosure and care of personal data. It recognises both the rights of individuals to protect their personal data, including rights of access and correction, and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.

The PDPA provides for the establishment of a national Do Not Call (DNC) Registry. The DNC Registry allows individuals to register their Singapore telephone numbers to opt out of receiving marketing phone calls, mobile text messages such as SMS or MMS, and faxes from organisations.

Objectives of the Personal Data Protection Act

Today, vast amounts of personal data are collected, used and even transferred to third party organisations for a variety of reasons. This trend is expected to grow exponentially as the processing and analysis of large amounts of personal data becomes possible with increasingly sophisticated technology.

With such a trend comes growing concerns from individuals about how their personal data is being used. Hence, a data protection regime to govern the collection, use and disclosure of personal data is necessary to address these concerns and to maintain individuals’ trust in organisations that manage data.

By regulating the flow of personal data among organisations, the PDPA also aims to strengthen and entrench Singapore’s competitiveness and position as a trusted, world-class hub for businesses.

How does the Personal Data Protection Act Work?

The PDPA will ensure a baseline standard of protection for personal data across the economy by complementing sector-specific legislative and regulatory frameworks. This means that organisations will have to comply with the PDPA as well as the common law and other relevant laws that are applied to the specific industry that they belong to, when handling personal data in their possession. 

The PDPA takes into account the following concepts:

  • Consent – Organisations may collect, use or disclose personal data only with the individual’s knowledge and consent (with some exceptions);
  • Purpose – Organisations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and
  • Reasonableness – Organisations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.

Application of the Personal Data Protection Act

The PDPA covers personal data stored in electronic and non-electronic forms.

The data protection provisions in the PDPA (parts III to VI) generally do not apply to:

  • Any individual acting in a personal or domestic basis.
  • Any employee acting in the course of his or her employment with an organisation.
  • Any public agency or an organisation in the course of acting on behalf of a public agency in relation to the collection, use or disclosure of the personal data. You may wish to refer to the Personal Data Protection (Statutory Bodies) Notification 2013 for the list of specified public agencies.
  • Business contact information. This refers to an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his or her personal purposes.

These rules are intended to be the baseline law which operates as part of the law of Singapore. It does not supersede existing statutes, such as the Banking Act and Insurance Act but will work in conjunction with them and the common law.

When does the Personal Data Protection Act Come into Effect?

The PDPA takes effect in phases starting with the provisions relating to the formation of the PDPC on 2 January 2013. Provisions relating to the DNC Registry came into effect on 2 January 2014 and the main data protection rules on 2 July 2014. This allows time for organisations to review and adopt internal personal data protection policies and practices, to help them comply with the PDPA.

Development of the Personal Data Protection Act

In the development of this law, references were made to the data protection regimes of key jurisdictions that have established comprehensive data protection laws, including the EU, UK, Canada, Hong Kong, Australia and New Zealand, as well as the OECD Guidelines on the Protection of Privacy and Transborder Flow of Personal Data, and the APEC Privacy Framework. These references are helpful for the formulation of a regime for Singapore that is relevant to the needs of individuals and organisations, and takes into account international best practices on data protection.

Three public consultations were conducted since 2011 to seek feedback on the proposed data protection regime. The public consultation sought the public’s views on topics including the coverage of the proposed law, the proposed data management rules and transitional arrangements for organisations to comply with the new law. For more information on the public consultations, please visit the MCI website.

What can we do for you to cope with Personal Data Protection Act?

  •  Degauss onsite using NSA evaluated degaussers which is capable of erasing both longitudinal and perpendicular magnetic disk storage devices with coercivity of up to 5,000 Oersteds
  •  Shredded/crushed onsite by built-for-purpose HDD and SSD shredder/crusher to break it into smaller pieces

Our Services

Data erasure

Data erasure

Data erasure (also called data clearing or data wiping) is a software-based method of overwriting data that completely destroys all electronic data residing on a hard disk drive or other digital media. Permanent data erasure goes beyond basic file deletion commands, which only remove direct pointers to data disk sectors and make data recovery possible with common software tools. Unlike degaussing and physical destruction, which render the storage media unusable, data erasure removes all information while leaving the disk operable, preserving IT assets and the environment.

Software-based overwriting uses a software application to write patterns of pseudo-random meaningless data onto all of a hard drive’s sectors. There are key differentiators between data erasure and other overwriting methods, which can leave data intact and raise the risk of data breach or spill, identity theft and failure to achieve regulatory compliance. Many data eradication programs also provide multiple overwrites so that they support recognized government and industry standards. Good software should provide verification of data removal, which is necessary for meeting certain standards.

To protect data on lost or stolen media, some data erasure applications remotely destroy data if the password is incorrectly entered. Data erasure tools can also target specific data on a disk for routine erasure, providing a hacking protection method that is less time-consuming than software encryption. Hardware encryption built into drive firmware and integrated controllers is now a popular solution with no degradation in performance at all.

The firmware can encrypt at 256-bit full AES encryption faster than the drive electronics can write the data. Drives with this capability are known as self-encrypting drives (SED) and are present on most modern laptops and are increasingly used in Enterprise to protect data. Changing the encryption key will make all the drive data inaccessible so is an easy and very fast method of achieving 100% data erasure. Theft of an SED will induce physical asset loss, but data on the drive is inaccessible without the decryption key which is not stored on the drive.

Data Terminator provides focused security solutions and services that secure your data at rest, data in motion and data in use. We provide best degaussing service in Singapore, Hard Disk Crusher, NSA degausser Singapore, DoD degausser Singapore, hard disk destruction singapore,erase hard disk singapore,secured hard drive destruction singapore, Malaysia, Indonesia, Thailand and Vietnam.

Degaussing magnetic data storage media

Degaussing magnetic data storage media

Degaussing magnetic data is the process of decreasing or eliminating a remnant magnetic field.

(Wikipedia) Data is stored in the magnetic media, such as hard drives, floppy disks, and magnetic tape, by making very small areas called magnetic domains change their magnetic alignment to be in the direction of an applied magnetic field. This phenomenon occurs in much the same way a compass needle points in the direction of the Earth’s magnetic field. Degaussing, commonly called erasure, leaves the domains in random patterns with no preference to orientation, thereby rendering previous data unrecoverable. There are some domains whose magnetic alignment is not randomized after degaussing. The information these domains represent is commonly called magnetic remanence or remanent magnetization. Proper degaussing will ensure there is insufficient magnetic remanence to reconstruct the data.

Erasure via Degaussing magnetic data may be accomplished in two ways: in AC erasure, the medium is degaussed by applying an alternating field that is reduced in amplitude over time from an initial high value (i.e., AC powered); in DC erasure, the medium is saturated by applying a unidirectional field (i.e., DC powered or by employing a permanent magnet). A degausser is a device that can generate a magnetic field for degaussing magnetic storage media

Degaussing magnetic data

Irreversible damage to some media types

Many forms of generic magnetic storage media can be reused after degaussing, including audio reel-to-reel tape, VHS videocassettes, and floppy disks. These older media types are simply a raw medium which are overwritten with fresh new patterns, created by fixed-alignment read/write heads.
For certain forms of computer data storage, however, such as modern hard drives and some tape backup drives, degaussing renders the magnetic media completely unusable and damages the storage system. This is due to the devices having an infinitely variable read/write head positioning mechanism which relies on special servo control data (e.g. Gray Code) that is meant to be permanently embedded into the magnetic media. This servo data is written onto the media a single time at the factory using special-purpose servo writing hardware.

The servo patterns are normally never overwritten by the device for any reason and are used to precisely position the read/write heads over data tracks on the media, to compensate for sudden jarring device movements, thermal expansion, or changes in orientation. Degaussing magnetic data indiscriminately removes not only the stored data but also the servo control data, and without the servo data the device is no longer able to determine where data is to be read or written on the magnetic medium. The medium must be low-level formatted to become usable again; with modern hard drives, this is generally not possible without manufacturer-specific and often model-specific service equipment.

Data Terminator provides focused security solutions and services that secure your data at rest, data in motion and data in use. We provide best degaussing service in Singapore, Hard Disk Crusher, NSA degausser Singapore, DoD degausser Singapore.

You can further inquire following service from Data Terminator: Degaussing service in Singapore, Degausser in Singapore,NSA degausser Singapore,US DoD degausser Singapore,IT security, IT asset disposal, line of sight, on-site, secure data destruction.

Hard Disk Cloning

Hard Disk Cloning

Data Terminator uses tools such as the PSIClone™ to “clone” hard disks for customers’ usage. The PSIClone™ is packed with useful features for the forensic investigator. Designed with forensic data integrity in mind, a key feature of PSIClone™ is that the user is unable to write to the ‘source’ side of the device. With the included data recovery software, PSIClone has everything you need to perform data recovery right out of the box.

While PSIClone™ is a drive-to-drive cloning and imaging device, it stands out from other such devices because PSIClone™ has the ability to perform a robust compression while imaging a drive thereby allowing you to place images of multiple drives on one dump drive. This saves time and money.

Hard Disk Erasure service in Singapore

Hard Disk Erasure

Hard Disk Erasure is the method of securely remove data from hard disk while keeping the hard drive functioning or reusable. If you need to erase the data on a SCSI, IDE/PATA, SATA, laptop or SAS hard drive and then reuse or recycle hard drive, Data Devices’ line of DOD-approved hard drive erasers overwrite and erase the data on the drive, ensuring complete data security. The DOD-approved application WipeOutoverwrites and erases the drive 8 times. This guarantees the original data on the drive is unrecoverable to Department of Defense specifications. These units come standard with WipeOut Fast, which provides fast and comprehensive erasure. Our line of hard drive erasers and duplicators also supports solid state flash memory.

Data Terminator provides an ISO 9001 Certified for high quality Secure Electronic Data Erasure Services on any storage media such as PATA, SATA, or SCSI. There are many options of hard disk erasure. One of it is Software Erase, by overwriting the sector of the disk with a new value with certain amount of passes to ensure that the data is harder to recover. But we also provides a better option than software erase, “Secure Erase” which initiate the drive internal secure erase command, security erase unit, based on the ATA specification by the T13 technical committee.

If you have any request on data removing / restoring and degaussing, especially Hard Disk Erasure, please contact Data Terminator for a help.

Hard Disk Erasure

  • Kindly contact us for more details.
  • Or visit our website to find out more service and products

You can further inquire following service from Data Terminator: IT asset disposal, line of sight, on-site, secure data destruction,Degaussing service in Singapore, Degausser in Singapore,NSA degausser Singapore,US DoD degausser Singapore,IT security.

What is Degaussing?

Degaussing is a separate process from the computer system. It is a process that utilizes a machine to produce a strong electromagnetic field that destroys magnetically recorded data on a magnetic media. (E.g. hard disk and tape media…)

Who and Why degaussing is needed for your media?

• Radio/Television broadcasters: enables expensive tapes to be re-used.
• Computer departments of corporations: allows re-use of back up tapes and safe disposal of information from PC hard drives.
• Data Storage Companies: data no longer needed can be easily and efficiently erased.
• Defense Organisations: confidential and top secret information can be erased.
• CCTV Operators: allows VHS tapes to be re-used again and again.
• Audio/Video duplicators: allows re-use of any production over runs and returned out of date tapes.
• Financial Services: Banks and insurance companies can use a degausser to re-use magnetic media for voice logging systems.
• Emergency Services: Re-use tapes used in voice logging systems.
• Hospitals: erase sensitive information held on magnetic media, such as patient records no longer required.
• Universities: allows student records that are no longer needed to be erased.

 

Degaussing Services in Asia

Degaussing Services

Degaussing services are becoming vital services for ending of data life in storage media. Information leakage is a major threat to all organisations. IT departments often spent millions of dollars on access security, anti-virus and intrusion-protection. This security fortress becomes inadequate when dealing with information leakage via data storage sanitization. Data Terminator has the capability, competency and track record to provide organisations with effective data leakage protection solutions.

Data Terminator’s secure data sanitization processes are ISO 9001:2008 certified, the first in its class in Singapore, signifying our commitment and priority to organisations’ security needs.

Data Terminator’s secure data sanitization service covers all forms of electronic data storage media, which includes hard drive, magnetic tape, audio/video tape, optical media, flash media, static storage media, floppy and Zip cartridge, etc.

Besides data sanitization or degausing services, Data Terminator also provides complete IT asset disposal solutions. Our capabilities include the management of the complete disposal process of asset verification, secure data sanitization and asset de-classification, proper destruction and disposal.

Data Terminator provides a high quality degaussing service based on ISO 9001:2008 Certified – Secure Electronic Data Erasure & Destruction Services. We provide a quality checking process to demagnetizes the disk so that all data stored on the disk is permanently destroyed. Thus making the disk impossible to be recovered by any recovery tools available.

Degaussing Services

Kindly contact us for more details.

Or visit our website to find out more

Data Terminator provides focused security solutions and services that secure your data at rest, data in motion and data in use. We provide best degaussing service in Singapore, Hard Disk Crusher, NSA degausser Singapore, DoD degausser Singapore.

Secure Data Destruction

Data Terminator offer various Secure Data Destruction Services

secure data destruction

 

Hard Disk & Tape Sanitization

One of the key solutions to eliminate the risk of data falling into the wrong hands is to degauss hard drives prior to disposal. Hard drive degaussers use powerful magnets or an electromechanical “pulse” to erase data from hard drives. Similarly, tapes should also be properly degaussed before disposal.

In fact, DoD Requirements call for hard drives to be degaussed in an NSA listed Degausser and then physically destroyed prior to disposal.

CD/DVD Optical Media Destruction

Destroying CD/DVD Optical Media doesn’t have to be a problem.

Data Terminator has a variety of machines to meet NSA/CSS Specifications for CD/DVD Optical Media Destruction.

IT Asset Disposal

Proper IT asset disposal is becoming more and more important not just on the environmental issues but also on data confidentiality.

Many organizations do not have the dedicated resources or the bulk quantity to justify the investment of procuring the equipment. They may choose to outsource such destruction and disposal. Outsourcing can be affordable and safe when done properly. If you choose this option, ask what methods will be used, where your items will be kept prior to destruction, or if there are any on-site services, what happens to destroyed waste, and what proof you will get that those items were actually destroyed.

Data security is an ongoing process, by being aware of the threats and understanding the destruction options, you will be in a much better position to protect your business and yourself. You will have complete peace of mind that you have left nothing behind.

Data Terminator provides complete IT asset disposal solutions. Our capabilities include the management of the complete disposal process of asset verification, secure data sanitization and asset de-classification, proper destruction and disposal.

You can further inquire following service from Data Terminator: NSA degausser Singapore,US DoD degausser Singapore, Degaussing service in Singapore, Degausser in Singapore, IT security, IT asset disposal, line of sight, on-site, secure data destruction.

 

Enterprise Security Solutions

Enterprise Security Solutions

Enterprise Fraud Management

Enterprise Fraud Management (EFM) is a solution for detection of any suspicious activity or fraud incident in the Enterprise environment.

SSH Communication Security

SSH Communication Security providing an overall coverage for secure access communication on a network. This include monitoring, auditing, and controlling access of the communication.

User Activity Auditing & Monitoring

Keep track of the administrator or end user activity from a centralize management. It also covers user access to remote servers, virtual desktops, or networking devices, and records these activities

Advanced Persistent Threat (APT) Detection

APT detection is a live memory analysis that detects and analyzes threats on compromised endpoints. Contrary to the antivirus or IDS approach of matching suspected malware or traffic patterns with known malware signatures, the live memory analysis agent gives the analyst a view from a centralized console of what is happening inside the computer’s memory. This view can quickly expose a malware infection, regardless of whether a signature exists or not.

Network Access Control

Network Access Control (NAC) provides a network with the mandatory extra layer of protection for all existing security policies. It allows the Network Administrator to configure access parameters for the physical network ports and determine which devices are allowed access. It is an approach to computer network security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement.

DB Security

A Unified Database Solution including: Security, Caching, Auditing and Masking. The solution features a high-availability configuration to ensure business continuity. It has a broad range of security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability.

Endpoint Security.

The End Point Data Protection Suite delivers complete visibility, control, and protection of enterprise endpoints. It provides a comprehensive data protection solution in a single product, with a single management server and a single, lightweight agent.

Secure Storage Devices

Data Terminator offers Secure Storage Devices

Aegis Secure Key – USB 2.0 Flash Drive

Encrypted USB Flash Key with PIN access

Quick Overview

  • Military grade Full-disk AES 256-bit CBC Hardware Encryption
  • PIN activated 7-15 digits – Alphanumeric keypad use a memorable number or word for your PIN
  • Dust and water resistant
  • No software or drivers required
  • OS and platform independent – compatible with Windows, Mac, Linux and embedded systems
  • Works with any USB/USB On-The-Go devices

Aegis Padlock – USB 3.0

Encrypted USB 3.0 Hard Drive with PIN Access

Quick Overview

  • Secure PIN Access
  • Integrated USB 3.0 cable – Data transfer speeds up to 10X faster than USB 2.0
  • Choice of real-time 128-bit or 256-bit Military Grade AES-XTS Hardware Encryption
  • Software free design – No admin rights required
  • Compatible with any OS – Windows, Mac & Linux

Aegis Padlock DT – USB 3.0 Desktop Drive

Encrypted Desktop Hard Drive with PIN Access

Quick Overview

  • Secure PIN Access
  • Choice of real-time 128-bit or 256-bit Military Grade AES-XTS Hardware Encryption
  • Solid Aluminum Enclosure
  • Software free design – No admin rights required
  • Compatible with any OS – Windows, Mac & Linux

 

Apricorn Padlock – USB 2.0

Encrypted Hard Drive with PIN Access

Quick Overview

  • Secure PIN Access
  • Allows up to 10 PIN Passkeys
  • Choice of real-time 128-bit or 256-bit Military Grade AES Hardware Encryption
  • Integrated USB cable
  • Software free design – No admin rights required
  • Compatible with any OS – Windows, Mac & Linux

Aegis Padlock Pro – eSATA | USB 2.0

Encrypted Hard Drive with PIN Access

Quick Overview

  • Secure PIN Access
  • Real-time 256-bit AES Hardware Encryption
  • Ultra-fast eSATA and USB interface for data transfer rates of up to 90MB/sec
  • Software free design – No admin rights required
  • Compatible with any OS – Windows, Mac & Linux

Safend Data Protection Suite

Q: What does Safend do?

Safend Data Protection Suite protects organizations from data leakage and theft with a single software product providing granular port and device control, transparent hard disk encryption, comprehensive removable media encryption and accurate content control. It provides complete protection of sensitive data-in-use, data-at-rest and data-in-motion, without sacrificing productivity.

Q: What is an “endpoint”?

“Endpoint” refers to all enterprise workstations, laptops, and kiosks.

Q: What kinds of devices are commonly connected at endpoints?

A myriad of devices are connected to endpoints, including media players, handhelds, smart phones, printers, scanners, multi-function peripherals (scan/fax/print), Disk on Keys, CD/DVD-RWs, removable hard-drives, and other portable storage devices.

Q: Where can I get answers to questions not addressed here?

You may contact Data Terminator at info@data-terminator.com This e-mail address is being protected from spambots. You need JavaScript enabled to view it for any questions concerning Safend.

Q: How can I evaluate Safend products?

To request an evaluation of the Safend Data Protection Suite go to the Data Protection Suite page or click here.

The Safend Auditor can be downloaded from our Safend product page or by clicking here.
To request an evaluation of the Safend Protector go to the Protector product page or click here.
To request evaluation of the Safend Encryptor go to the Encryptor product page or click here

Q: What new Safend products are on the horizon?

Safend has a very aggressive development cycle and strives for frequent product updates. Future versions will include even more granular control of an expanded number of endpoints, including mobile devices, and also include enhanced scalability and management features.

Since Safend recognizes the importance of Content Awareness as part of a data protection solution, we intend to introduce a new add-on product to our offering, Safend Inspector, during 2010. This product will further strengthen our offering by providing a comprehensive, accurate endpoint based data protection solution which enforces a data centric security policy across approved data transfer channels.

Contact inspector.beta@safend.com This e-mail address is being protected from spambots. You need JavaScript enabled to view it to join the Safend Inspector Beta Program

Q: Does Safend have any type of ‘software assurance’ or maintenance program?

Yes, Safend offers a comprehensive maintenance and support program for all customers. This program assures customer access to software bug fixes, updates and version releases. The program can be purchased for a one-, two- or three-year period, which can then be extended on an annual basis.

Q: How do Safend products compare to other endpoint solutions available today?

Safend Data Protection Suite has several advantages over other endpoint security products:

Safend Data Protection Suite allows you to control all your data protection measures with a single management server, single management console and a single lightweight agent.

Operational friendly deployment and management

Best of breed port and device control, with instant visibility of connected devices (both current and past), and granular, flexible control over all physical and wireless ports.

Hard disk encryption is completely transparent and does not change end user experience and common IT procedures

Comprehensive and enforceable removable media encryption

Full control over sensitive data both inside and outside organizational network

Track file transfers from encrypted devices even on non-corporate computers

Q: Why do I need additional endpoint protection if we have the latest versions of Microsoft Windows and a firewall deployed?

Operating systems such as Microsoft Windows XP have only limited endpoint security functionality built-in. Endpoint security is not included in domain controlling and management software, nor in network security solutions such as firewalls. A separate, incremental solution like Safend is required to gain full visibility and granular, flexible control of all endpoints.

Q: What products does Safend offer and what do they do?

Safend Data Protection Suite protects organizations from data leakage and theft with a single software product. It provides complete protection of sensitive data-in-use, data-at-rest and data-in-motion, without sacrificing productivity.

Safend Data Protection Suite consists of Safend Protector with its two add-on modules – Safend Encryptor and Safend Reporter. Safend Protector provides an enterprise grade, client-server management infrastructure for endpoint port control, device control and removable media encryption. Safend Encryptor, a license activated add-on module, expands the product security capabilities to protect the data on the endpoint in case of lost or theft. Safend Reporter add-on module provides visibility into the security status of the organization with automatic report generation. All functionality is provided by a single software product, with a single management server and a single lightweight agent.

Safend Auditor is additional clientless software for immediate risk assessment through endpoint port and device auditing.

Q: Is endpoint security a serious issue?

Endpoint security is a bona fide issue documented by analysts, the media, and organizations that have suffered losses because they did not have an endpoint security solution in place.

While most organizations adequately protect Internet connections via TCP/IP ports (for example, using a firewall), endpoints are often overlooked. An increasing amount of data points to the need to add endpoint protection to any proactive security policy.

Q: What risks are associated with these devices connected at endpoints?

Endpoints can present serious risks to the network and the organization as a whole:

Data Leakage: Large amounts of sensitive information and Intellectual Property can be stolen through endpoints

Infiltration: Malicious code including viruses, worms and Trojan horses can be infiltrated through endpoints

Non-Compliance: Personal information may be exposed at endpoints, leading to non-compliance with data privacy laws such as HIPAA and the Sarbanes Oxley Act.

About us

Data Terminator provides focused security solutions and services that secure your data at rest, data in motion and data in use. We provide best degaussing service in Singapore, Hard Disk Crusher, NSA degausser Singapore, DoD degausser Singapore.

Contact us

DT Asia Group

A: 21 Bukit Batok Crescent #13-72 WCEGA Tower, Singapore 658065
T: (65) 6266 2877
E: enquiry.dps@dtasiagroup.com