How to overcome cyber marketing: 6 Principles that help protect your data
Updated: May 2, 2019
Businesses thrive – or fail – on their ability to collect, process, analyse and monetise data.
Cyber security, to protect these data assets, is now firmly on the agenda of investors and the C-suite.
There is a rapidly expanding list of organisations globally impacted by cyber incidents. Government departments (Police, Hospitals, Telco and Intelligence) from Hong Kong, Turkey, Spain, Malaysia, Singapore and the US have all publicly reported some form of unauthorised network or data access incidents.
In Hong Kong, big brand names such as Cathay Pacific, HSBC (PayMe), Asia Miles, PPS and TransUnion, and other global brand names including Sony, Google, Facebook, Citigroup, Visa, MasterCard, IMF, Hyundai Capital, Marriott Hotels and Lockheed Martin, have all been cited in the media as having experienced a cyber incident.
Personal Data Privacy Ordinance
In Hong Kong, we are governed by the Personal Data Privacy Ordinance. The Ordinance outlines six data protection principles on how we are responsible for handling data (https://www.pcpd.org.hk/english/data_privacy_law/ordinance_at_a_Glance/ordinance.html):
Six Data Protection Principles
DPP1 - Data Collection Principle
Personal data must be collected in a lawful and fair way, for a purpose directly related to a function/activity of the data user.
Data subjects must be notified of the purpose and the classes of persons to whom the data may be transferred.
Data collected should be necessary but not excessive.
DPP2 - Accuracy & Retention Principle
Practicable steps shall be taken to ensure personal data is accurate and not kept longer than is necessary to fulfil the purpose for which it is used.
DPP3 - Data Use Principle
Personal data must be used for the purpose for which the data is collected or for a directly related purpose, unless voluntary and explicit consent with a new purpose is obtained from the data subject.
DPP4 - Data Security Principle
A data user needs to take practicable steps to safeguard personal data from unauthorised or accidental access, processing, erasure, loss or use.
DPP5 - Openness Principle
A data user must take practicable steps to make personal data policies and practices known to the public regarding the types of personal data it holds and how the data is used.
DPP6 - Data Access & Correction Principle
A data subject must be given access to his/her personal data and allowed to make corrections if it is inaccurate.
According to the NetDiligence 2017 Cyber Claims Study:
Hackers seem to be the most frequent cause of loss, followed by malware/virus. More importantly, 8% of losses are caused by rogue employees. This is a serious problem, as employees are usually able to obtain sensitive and important information internally. If your company does not want to be the next victim, improved risk management together with proper risk transfers and data handling procedures should be enforced. Internal procedures should also be communicated to all your colleagues.
Speak with us about how we can help provide better protection for your company!