Personal Data Protection Act

The purpose of Personal Data Protection Act is to govern the collection, use and disclosure of personal data by organisations in a manner that recognises both the right of individuals to protect their personal data and the need of organisations to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.

Overview

What is Personal Data?

Personal data refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access. Personal data in Singapore is protected under the Personal Data Protection Act 2012 (PDPA).

What is the Personal Data Protection Act?

The PDPA establishes a data protection law that comprises various rules governing the collection, use, disclosure and care of personal data. It recognises both the rights of individuals to protect their personal data, including rights of access and correction, and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.

The PDPA provides for the establishment of a national Do Not Call (DNC) Registry. The DNC Registry allows individuals to register their Singapore telephone numbers to opt out of receiving marketing phone calls, mobile text messages such as SMS or MMS, and faxes from organisations.

Objectives of the Personal Data Protection Act

Today, vast amounts of personal data are collected, used and even transferred to third party organisations for a variety of reasons. This trend is expected to grow exponentially as the processing and analysis of large amounts of personal data becomes possible with increasingly sophisticated technology.

With such a trend comes growing concerns from individuals about how their personal data is being used. Hence, a data protection regime to govern the collection, use and disclosure of personal data is necessary to address these concerns and to maintain individuals’ trust in organisations that manage data.

By regulating the flow of personal data among organisations, the PDPA also aims to strengthen and entrench Singapore’s competitiveness and position as a trusted, world-class hub for businesses.

How does the Personal Data Protection Act Work?

The PDPA will ensure a baseline standard of protection for personal data across the economy by complementing sector-specific legislative and regulatory frameworks. This means that organisations will have to comply with the PDPA as well as the common law and other relevant laws that are applied to the specific industry that they belong to, when handling personal data in their possession. 

The PDPA takes into account the following concepts:

  • Consent – Organisations may collect, use or disclose personal data only with the individual’s knowledge and consent (with some exceptions);
  • Purpose – Organisations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and
  • Reasonableness – Organisations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.

Application of the Personal Data Protection Act

The PDPA covers personal data stored in electronic and non-electronic forms.

The data protection provisions in the PDPA (parts III to VI) generally do not apply to:

  • Any individual acting in a personal or domestic basis.
  • Any employee acting in the course of his or her employment with an organisation.
  • Any public agency or an organisation in the course of acting on behalf of a public agency in relation to the collection, use or disclosure of the personal data. You may wish to refer to the Personal Data Protection (Statutory Bodies) Notification 2013 for the list of specified public agencies.
  • Business contact information. This refers to an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his or her personal purposes.

These rules are intended to be the baseline law which operates as part of the law of Singapore. It does not supersede existing statutes, such as the Banking Act and Insurance Act but will work in conjunction with them and the common law.

When does the Personal Data Protection Act Come into Effect?

The PDPA takes effect in phases starting with the provisions relating to the formation of the PDPC on 2 January 2013. Provisions relating to the DNC Registry came into effect on 2 January 2014 and the main data protection rules on 2 July 2014. This allows time for organisations to review and adopt internal personal data protection policies and practices, to help them comply with the PDPA.

Development of the Personal Data Protection Act

In the development of this law, references were made to the data protection regimes of key jurisdictions that have established comprehensive data protection laws, including the EU, UK, Canada, Hong Kong, Australia and New Zealand, as well as the OECD Guidelines on the Protection of Privacy and Transborder Flow of Personal Data, and the APEC Privacy Framework. These references are helpful for the formulation of a regime for Singapore that is relevant to the needs of individuals and organisations, and takes into account international best practices on data protection.

Three public consultations were conducted since 2011 to seek feedback on the proposed data protection regime. The public consultation sought the public’s views on topics including the coverage of the proposed law, the proposed data management rules and transitional arrangements for organisations to comply with the new law. For more information on the public consultations, please visit the MCI website.

What can we do for you to cope with Personal Data Protection Act?

  •  Degauss onsite using NSA evaluated degaussers which is capable of erasing both longitudinal and perpendicular magnetic disk storage devices with coercivity of up to 5,000 Oersteds
  •  Shredded/crushed onsite by built-for-purpose HDD and SSD shredder/crusher to break it into smaller pieces

Our Services

Data erasure

Data erasure

Data erasure (also called data clearing or data wiping) is a software-based method of overwriting data that completely destroys all electronic data residing on a hard disk drive or other digital media. Permanent data erasure goes beyond basic file deletion commands, which only remove direct pointers to data disk sectors and make data recovery possible with common software tools. Unlike degaussing and physical destruction, which render the storage media unusable, data erasure removes all information while leaving the disk operable, preserving IT assets and the environment.

Software-based overwriting uses a software application to write patterns of pseudo-random meaningless data onto all of a hard drive’s sectors. There are key differentiators between data erasure and other overwriting methods, which can leave data intact and raise the risk of data breach or spill, identity theft and failure to achieve regulatory compliance. Many data eradication programs also provide multiple overwrites so that they support recognized government and industry standards. Good software should provide verification of data removal, which is necessary for meeting certain standards.

To protect data on lost or stolen media, some data erasure applications remotely destroy data if the password is incorrectly entered. Data erasure tools can also target specific data on a disk for routine erasure, providing a hacking protection method that is less time-consuming than software encryption. Hardware encryption built into drive firmware and integrated controllers is now a popular solution with no degradation in performance at all.

The firmware can encrypt at 256-bit full AES encryption faster than the drive electronics can write the data. Drives with this capability are known as self-encrypting drives (SED) and are present on most modern laptops and are increasingly used in Enterprise to protect data. Changing the encryption key will make all the drive data inaccessible so is an easy and very fast method of achieving 100% data erasure. Theft of an SED will induce physical asset loss, but data on the drive is inaccessible without the decryption key which is not stored on the drive.

Data Terminator provides focused security solutions and services that secure your data at rest, data in motion and data in use. We provide best degaussing service in Singapore, Hard Disk Crusher, NSA degausser Singapore, DoD degausser Singapore, hard disk destruction singapore,erase hard disk singapore,secured hard drive destruction singapore, Malaysia, Indonesia, Thailand and Vietnam.

Degaussing magnetic data storage media

Degaussing magnetic data storage media

Degaussing magnetic data is the process of decreasing or eliminating a remnant magnetic field.

(Wikipedia) Data is stored in the magnetic media, such as hard drives, floppy disks, and magnetic tape, by making very small areas called magnetic domains change their magnetic alignment to be in the direction of an applied magnetic field. This phenomenon occurs in much the same way a compass needle points in the direction of the Earth’s magnetic field. Degaussing, commonly called erasure, leaves the domains in random patterns with no preference to orientation, thereby rendering previous data unrecoverable. There are some domains whose magnetic alignment is not randomized after degaussing. The information these domains represent is commonly called magnetic remanence or remanent magnetization. Proper degaussing will ensure there is insufficient magnetic remanence to reconstruct the data.

Erasure via Degaussing magnetic data may be accomplished in two ways: in AC erasure, the medium is degaussed by applying an alternating field that is reduced in amplitude over time from an initial high value (i.e., AC powered); in DC erasure, the medium is saturated by applying a unidirectional field (i.e., DC powered or by employing a permanent magnet). A degausser is a device that can generate a magnetic field for degaussing magnetic storage media

Degaussing magnetic data

Irreversible damage to some media types

Many forms of generic magnetic storage media can be reused after degaussing, including audio reel-to-reel tape, VHS videocassettes, and floppy disks. These older media types are simply a raw medium which are overwritten with fresh new patterns, created by fixed-alignment read/write heads.
For certain forms of computer data storage, however, such as modern hard drives and some tape backup drives, degaussing renders the magnetic media completely unusable and damages the storage system. This is due to the devices having an infinitely variable read/write head positioning mechanism which relies on special servo control data (e.g. Gray Code) that is meant to be permanently embedded into the magnetic media. This servo data is written onto the media a single time at the factory using special-purpose servo writing hardware.

The servo patterns are normally never overwritten by the device for any reason and are used to precisely position the read/write heads over data tracks on the media, to compensate for sudden jarring device movements, thermal expansion, or changes in orientation. Degaussing magnetic data indiscriminately removes not only the stored data but also the servo control data, and without the servo data the device is no longer able to determine where data is to be read or written on the magnetic medium. The medium must be low-level formatted to become usable again; with modern hard drives, this is generally not possible without manufacturer-specific and often model-specific service equipment.

Data Terminator provides focused security solutions and services that secure your data at rest, data in motion and data in use. We provide best degaussing service in Singapore, Hard Disk Crusher, NSA degausser Singapore, DoD degausser Singapore.

You can further inquire following service from Data Terminator: Degaussing service in Singapore, Degausser in Singapore,NSA degausser Singapore,US DoD degausser Singapore,IT security, IT asset disposal, line of sight, on-site, secure data destruction.

Safend Data Protection Suite

Q: What does Safend do?

Safend Data Protection Suite protects organizations from data leakage and theft with a single software product providing granular port and device control, transparent hard disk encryption, comprehensive removable media encryption and accurate content control. It provides complete protection of sensitive data-in-use, data-at-rest and data-in-motion, without sacrificing productivity.

Q: What is an “endpoint”?

“Endpoint” refers to all enterprise workstations, laptops, and kiosks.

Q: What kinds of devices are commonly connected at endpoints?

A myriad of devices are connected to endpoints, including media players, handhelds, smart phones, printers, scanners, multi-function peripherals (scan/fax/print), Disk on Keys, CD/DVD-RWs, removable hard-drives, and other portable storage devices.

Q: Where can I get answers to questions not addressed here?

You may contact Data Terminator at info@data-terminator.com This e-mail address is being protected from spambots. You need JavaScript enabled to view it for any questions concerning Safend.

Q: How can I evaluate Safend products?

To request an evaluation of the Safend Data Protection Suite go to the Data Protection Suite page or click here.

The Safend Auditor can be downloaded from our Safend product page or by clicking here.
To request an evaluation of the Safend Protector go to the Protector product page or click here.
To request evaluation of the Safend Encryptor go to the Encryptor product page or click here

Q: What new Safend products are on the horizon?

Safend has a very aggressive development cycle and strives for frequent product updates. Future versions will include even more granular control of an expanded number of endpoints, including mobile devices, and also include enhanced scalability and management features.

Since Safend recognizes the importance of Content Awareness as part of a data protection solution, we intend to introduce a new add-on product to our offering, Safend Inspector, during 2010. This product will further strengthen our offering by providing a comprehensive, accurate endpoint based data protection solution which enforces a data centric security policy across approved data transfer channels.

Contact inspector.beta@safend.com This e-mail address is being protected from spambots. You need JavaScript enabled to view it to join the Safend Inspector Beta Program

Q: Does Safend have any type of ‘software assurance’ or maintenance program?

Yes, Safend offers a comprehensive maintenance and support program for all customers. This program assures customer access to software bug fixes, updates and version releases. The program can be purchased for a one-, two- or three-year period, which can then be extended on an annual basis.

Q: How do Safend products compare to other endpoint solutions available today?

Safend Data Protection Suite has several advantages over other endpoint security products:

Safend Data Protection Suite allows you to control all your data protection measures with a single management server, single management console and a single lightweight agent.

Operational friendly deployment and management

Best of breed port and device control, with instant visibility of connected devices (both current and past), and granular, flexible control over all physical and wireless ports.

Hard disk encryption is completely transparent and does not change end user experience and common IT procedures

Comprehensive and enforceable removable media encryption

Full control over sensitive data both inside and outside organizational network

Track file transfers from encrypted devices even on non-corporate computers

Q: Why do I need additional endpoint protection if we have the latest versions of Microsoft Windows and a firewall deployed?

Operating systems such as Microsoft Windows XP have only limited endpoint security functionality built-in. Endpoint security is not included in domain controlling and management software, nor in network security solutions such as firewalls. A separate, incremental solution like Safend is required to gain full visibility and granular, flexible control of all endpoints.

Q: What products does Safend offer and what do they do?

Safend Data Protection Suite protects organizations from data leakage and theft with a single software product. It provides complete protection of sensitive data-in-use, data-at-rest and data-in-motion, without sacrificing productivity.

Safend Data Protection Suite consists of Safend Protector with its two add-on modules – Safend Encryptor and Safend Reporter. Safend Protector provides an enterprise grade, client-server management infrastructure for endpoint port control, device control and removable media encryption. Safend Encryptor, a license activated add-on module, expands the product security capabilities to protect the data on the endpoint in case of lost or theft. Safend Reporter add-on module provides visibility into the security status of the organization with automatic report generation. All functionality is provided by a single software product, with a single management server and a single lightweight agent.

Safend Auditor is additional clientless software for immediate risk assessment through endpoint port and device auditing.

Q: Is endpoint security a serious issue?

Endpoint security is a bona fide issue documented by analysts, the media, and organizations that have suffered losses because they did not have an endpoint security solution in place.

While most organizations adequately protect Internet connections via TCP/IP ports (for example, using a firewall), endpoints are often overlooked. An increasing amount of data points to the need to add endpoint protection to any proactive security policy.

Q: What risks are associated with these devices connected at endpoints?

Endpoints can present serious risks to the network and the organization as a whole:

Data Leakage: Large amounts of sensitive information and Intellectual Property can be stolen through endpoints

Infiltration: Malicious code including viruses, worms and Trojan horses can be infiltrated through endpoints

Non-Compliance: Personal information may be exposed at endpoints, leading to non-compliance with data privacy laws such as HIPAA and the Sarbanes Oxley Act.

Degaussing FAQs

Q: What is Physical Drive Destruction?

To positively prevent data from recovery; disks can be removed from disk drives and broken up, or even ground to microscopic pieces. DoD 5220.22M recommends degaussing followed by physical destruction of the storage medium (the magnetic disks) for data classified higher than Secret. Even such physical destruction is not absolute if any remaining disk pieces are larger than a single 512-byte record block in size, about 1/125″ in today’s drives. As linear and track densities increases, the maximum allowable size of disk fragments become ever smaller. Destroyed disk fragments of this size can be image restored by magnetic microscopy.

Some storage products are more easily destroyed than hard disk drives, such as magnetic disk data cartridges, tape cartridges, secure USB drives, and optical media.

Q: What is Non-destructive Data Erasure (Data Sanitization)?

Non-destructive data erasure supports wiping and permanently cleaning for all traces of deleted files and folder, administrator documents and other similar files or folders for maintaining computer privacy and enhancing system performance. It deletes all the data, free space, slack space, deleted memory chunks of data even if they’re not existing in a file, removes huge files stored on HDD of Windows OS and any removable media and cannot be recovered or restored by any data recovery software.

Q: What is Sanitization of Data?

Data Sanitization is the process of erasing (sanitizing) or destroying sensitive information in storage devices to meet legal compliance requirements thereby protecting user data from unauthorized use.

Q: What is Degaussing (or Demagnetizing)?

Degaussing is the process for reducing the magnetization of a magnetic storage device to zero by applying a reverse (coercive) magnetizing force, rendering any previously stored data unreadable and unintelligible, and ensuring that it cannot be recovered by any technology known to exist.

Q: What is Coercive Force?

A negative or reverse magnetic force applied for the purpose of reducing magnetic flux density.

Q: What is a degausser?

Degausser is an electrical device or permanent magnet assembly which generates a coercive magnetic force for the purpose of degaussing magnetic storage devices or other magnetic material. In order to be effective in sanitizing data, the degausser needs to be evaluated by an authority (e.g. US DoD, NSA/CSS) to meet the *oersted strength as claimed by the manufacturer.

*Oersted: A cgs unit of magnetic field strength, symbol: Oe. Oersted is a measurement applied to magnetic media.

Q: What is Magnetic Force Microscopy (MFM)?

The Magnetic Force Microscope is a variation of the Atomic Force Microscope, capable of providing high resolution, 3-dimensional images of magnetic fields. Magnetic Force Microscopy (MFM) technology can be used to probe magnetic storage media like hard disk and magnetic tapes for data residue.

If the magnetic data storage media such as hard disks and magnetic tapes have been completely degaussed, there will not be any data residue on the hard disk.

Q: What needs to be sanitised?

CDs and DVDs

Hard Drives

All forms of Magnetic Media, e.g. backup cartridges, tapes, zip disks and floppy disks

Optical and Flash Drives, e.g. thumb drives and memory storage cards

Q: How then to ensure that data are erased securely?

Degaussing – Using secure data destruction equipment such as hard drive degaussers to permanently eliminate data from magnetic media. Hard drive degaussers use powerful magnets or an electromechanical “pulse” to erase data from hard drives. In fact, DoD requirements call for hard drives to be degaussed in an NSA listed Degausser and then physically destroyed prior to disposal.

Shredding – Using secure data destruction equipment to completely pulverize and reduce the media to dust.
Disintegration – Using secure data destruction equipment to destroy bulk materials into particles that cannot be reconstructed.

Q: Does physical destruction of hard disk drives make the data unrecoverable?

Hard disk drives can be removed from the computers, smashed, broken up, drilled holes and even shredded to smaller pieces to prevent the data from being recovered. However, even such physical destruction is not absolute if any remaining disk pieces are larger than a single record block in size, about 1/125″ in today’s drives (Note that as the linear and track density of magnetic recording increases the resulting recoverable pieces of disk must become even smaller if all chances of data recovery after physical destruction alone are to be zero).

By physically destroying the outer surface of the hard disks does not ensure that the data are properly sanitized/degaussed. Data can still be recovered by a process known as MFM (Magnetic Force Microscopy) ‏

Q: Why the need to ensure that electronic data in storage media are securely erased and destroyed?

By simply discarding obsolete or damaged storage media, traces of sensitive information that are being left behind can be recovered easily. This compromises the security of the confidential data.

About Data Terminator Pte Ltd.

About Data Terminator Pte Ltd.

Data Terminator (DT) was incorporated in 2007 to provide best in class security solutions and services.

It begins as an information Leakage Protection Specialist providing certified equipment and professional services for secure electronic data destruction. DT’s comprehensive range of secure data destruction equipment and services are in compliance to US Department of Defense (DoD) and National Security Agency (NSA) standards.

Data Terminator

Its processes are ISO 9001:2008 certified, giving customers the security with confidence.

Over the years, we have developed in depth other security solutions that helps our customer protect their Data in motion and Data in use as well. This include leading Enterprise Fraud Detection solution, database security  and secure communication  Across different platform.

DT’s  key customers include various Government Ministries, Statutory Boards, FSI and MNCs.

Data Terminator provides focused security solutions and services that secure your data at rest, data in motion and data in use. We provide best degaussing service in Singapore, Hard Disk Crusher, NSA degausser Singapore, DoD degausser Singapore.

You can further inquire following service from Data Terminator: Degaussing service in Singapore, Degausser in Singapore,NSA degausser Singapore,US DoD degausser Singapore,IT security, IT asset disposal, line of sight, on-site, secure data destruction, Clear, Clearing, Purge, purging, Sanitize, sanitization, declassification, Degauss, degaussing, degaussing services, degausser, gauss strength, orsted, Rare earth permanent magnet, automatic degausser, electromagnetic, coercivity, electro magnetic pulse, automatic force microscopy, Magnetic force microscopy, AFM, MFM, portable, mobile. Certificate, ISO 9001, Hard disk, tape cartridge, LTO, DDS, DLT, MO, Thumb drive, SD , CD, DVD, USB, flash drive, Longtitudinal Magnetic Recording, LMR, Perpendicular Magnetic Recoding, PMR, Shred, shredding, high security, cross cut, diamond cut, disintegrator, destruction, Crushing, disintegration. Data destruction equipment, clone, erasure, multiple passess, md5, file level, sector level, data recovery, data cloning, Hard drive erase, data wipping, ghosting, offline tracking, P-list, G-list, DLP, ILP, endpoint security, data protection, external storage, data encryption, access control, Edge security, data leakage, information leakage, white list, black list, data logging, usb endpoint protection, Data loss prevention, usb lockdown, wifi bridging, flash drive encryption, security software, SaaS, software as a service, End of life, data in use, data in motion, data at rest, NSA , NSA/CSS evaluated products list, epl, US DoD 5220.22-M, Dtic, NISPOM, HIPAA, GLB, DPA, NIST 800-88, singapore, secure destruction and asset disposal services.

Let’s make your data yours only.

About us

Data Terminator provides focused security solutions and services that secure your data at rest, data in motion and data in use. We provide best degaussing service in Singapore, Hard Disk Crusher, NSA degausser Singapore, DoD degausser Singapore.

Contact us

DT Asia Group

A: 21 Bukit Batok Crescent #13-72 WCEGA Tower, Singapore 658065
T: (65) 6266 2877
E: enquiry.dps@dtasiagroup.com