Tag: PDPA

Best Practices for Protecting cUSTOMER DATA FOR Event Team

Posted on by eventnook

Your team security is as strong as your weakest link.

The security and safety of customer data will be of utmost importance for building a trusted relationship with your customer and audience.

An organization committed to the safety of its customer data starts with a simple good habit and regular check-ups. It must be an intentional discipline to achieve it, similar to customer satisfaction and high standard in the team.

The checklist that requires habit for an event team

#PracticeCompliance Requirement
1Use a strong password to access the company tools and services avoid using simple passwords such as password123100%
2Use a strong password to access the company tools and services. Avoid using simple passwords such as password123100%
3Never leave the computer or devices open ( without locking the screen) when you are away from your desk. This especially happens a lot with onsite at the event venue.100%
4Device Lost – if you lost the device that has access to the company data, immediately inform the company to lock the device, remove the key from the device, and change the Password immediately.100%
5Avoid Saving Passwords for sites that have sensitive customer data.100%
6Be Careful installing 3rd party plugins that track or steal your credential (such as username/password) and customer data. E.g., Gmail plugin, Chrome plugin, etc., especially the plugins that are not legitimate and collect data secretly.100%
7Regular Cleanup – safely remove the temporarily downloaded customer data (excel / CSV) in your local devices/laptop for technical and customer support. It’s usually downloaded to the Download folder / a drive on your devices100%
8Use 2FA Authentication wherever available100%
9Use a Secure and legitimate VPN service. If you need to use the VPN, be careful using some free VPN services that may collect your data.100%
10Avoid sending or transferring the customer data via Chat services such as WhatsApp / Telegram, etc.For the data transfer for work purposes, strictly use the company email provided by the companyAvoid using the personal email for all company matters100%
11Avoid sending the excel sheet without password protection (For data such as the customer’s registration data that requires PDPA compliance and avoid breaching)100%
12Avoid sending the customer data to a non-authorized person from the customer team and without verification. When the data is sent, the company email must be used to transfer the data.100%
13Avoid sharing the username and Password when you need to share the username and password login access. Instead, send the username and Password in a separate communication.100%
14Keep up-to-date software updates for your devices with the latest security update and patches100%

Work Collaboration and Document

#PracticeCompliance Requirement
1Use Google Drive for all work documents.
When the file is shared, try not to share it as public unless it has no important data. Share it to only people who are involved. 		100%
2If the cloud PC is provided for work, all work must be done in the cloud PC.100%
3If the mobile device is provided for work, all work activities and apps such as Gmail, Chat, etc must be done on the company device. 
If you have to use personal device, ask approval from the company for accessing the company works from your personal devices.		100%

Onsite Event Support – Best Practices

#PracticeCompliance Requirement
1the items above – 100%
2Shred the paper that has all personal data information such as guest list after the event is over100%
3Log out from all websites, apps, and tools after the event.

The rental laptop and mobile devices must clear all the cache in the browser and log out of all the event apps and administrative websites properly.		100%
4Change the Password – if you have given your Password to external temp staff/event team members100%
5Never give your admin password that has access to all other customer data for support to external temp staff100%
6Suppose you signed an NDA confidentiality agreement with the customer. In that case, you must get the temp staff or external contractors to sign the NDA for event support or brief them on the requirement of data confidentiality.100%

About EventNook

EventNook is based in Singapore, and we are one of the leading event technology companies in Asia. Our mission is to continue to build a scalable event management platform by simplifying and, in many ways, redefining the old event management process. We take into account every event we have assisted in managing, and using this insight, we have optimized our use of the latest innovations in cloud and mobile technologies. We have empowered event organizers and planners to create a successful series of events.

If you are looking for an innovative event platform to organize your school activities, drop us a note, and our event success team will be glad to assist your school events successfully. Learning more about EventNook – https://www.eventnook.sg

About Personal Data: What Do I Need To Know?

Posted on by carinazhang9

What qualifies as personal data?

Based on the PDPA Guidelines, your personal data can be defined as “data, whether true or not, about an individual who can be identified – a) from that data; or b) from that data and other information to which the organisation has or is likely to have access”.

Examples of this would be your name, address, gender, email address, IC number, etc. As of 1 September 2019, the new guidelines issued by the Personal Data Protection Commission (PDPC) dictate that organisations will not be allowed to collect, use or disclose NRIC numbers unless required by the law. Do note that the PDPA does not apply to business contact information such as business title, business telephone number, business address and business e-mail

This topic revolving around privacy and personal data has become such a hot topic for discussion. We hope you take some time to read though this article to stay updated on the necessary actions to take to ensure that your personal data is not compromised.

Of course, in most cases, we would need to give up some form of personal data due to the nature of the business or transaction. How then, can we ensure that our personal data is handled lawfully, fairly and in a transparent manner as required by the PDPA?

Here are 7 tips that you can keep in mind when giving away your personal data:

#1 Provide consent

Firstly, you have to give either verbal, written, or even deemed consent for your personal data to be collected. Whether there is a checkbox to select or a signature line, ensure that you are aware of the consent that you are giving by completing that form/questionnaire.

What constitutes as consent would include: Voluntary provision or cases where it is reasonable to voluntarily provide the data. Do note that you also have a right to withdraw your consent at any time. One example would be the Do Not Call (DNC) registry where you can opt out of receiving unsolicited marketing messages and calls. You are able to lodge a complaint if you still receive such messages and calls, and the organisations involved would face a fine up to $10,000 per breach.

#2 intent of collection

Once you have given, or are deemed to have given, consent, the personal data collected can only be processed in an appropriate manner and for a reasonable purpose. You have the right to be informed of the purpose for which the personal data is being collected.

Be aware of what your information is being used for, read the security and privacy policies if you have the time. Read the fine print – you may be consenting to having your data be used for marketing or analysis. When you give your consent, you would be giving your consent to any terms that are mentioned in these documents.

#3 access to YOUR data

Individuals have the right to request who we provide access to and to make corrections to their personal data. There are some exceptions, such as cases in which providing access would cause immediate harm to the safety, or physical or mental heath, of the individual; threaten the safety, or physical or mental health, of another individual; or reveal another individual’s personal data.

#4 update YOUR data regularly

We must make a reasonable effort to ensure that all personal data collected is accurate and complete. It is likely that the personal data will be used to make a decision that affects the individual to whom it relates, or is likely to be disclosed to another organisation. In case of any changes to your personal data, you should be given the option to edit what you have previously given.

#5 protection of data

Organisations must protect personal data in their possession or control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar activity. Read the security and privacy policies of the companies that you are giving your data to.

#6 delete once obsolete

Organisations must cease retaining documents containing personal data, or anonymise that data, as soon as it is no longer needed for the purpose for which it was collected, or for other legal or business purposes. You have the right to request for your personal data to be deleted should you choose to move your business elsewhere.

#7 keep within bounds

Lastly, organisations must not transfer personal data outside Singapore except in accordance with the Act’s requirements, to ensure that they provide it a comparable standard of data protection.

At EventNook, we deal with a lot of personal data, so we practice extra caution in data handling and take pride in our commitment to protect all our customers’ personal data while delivering the results. If you have any questions on our data protection policies for your events, feel free to drop us an email or a call, our friendly team will be more than happy to assist you!