I refer to the Forum letter by Mr Jonathan Boon, "Stricter laws needed on how firms store collected data" (Sept 11).

Mr Boon said MyRepublic has violated the storage and retention rules under the Personal Data Protection Act (PDPA).

To reassure our customers and alleviate public concerns, we would like to address his points.

First, MyRepublic has been and continues to be in full compliance with the PDPA and the Infocomm Media Development Authority's regulations, including on the subject of data retention and storage.

As a telecommunications service provider, we are required to retain records of former customers.

Second, the use of specialist third-party storage platforms is a standard industry practice, and one that is fully compliant with prevailing laws and regulations.

I reiterate that MyRepublic takes what has happened seriously.

Like Mr Boon and many customers, I am deeply disappointed, and I have been working directly with our IT and network teams as well as a team of external expert advisers to resolve the incident.

Our priority right now is to engage our customers and ensure they get the support they need in mitigating any potential risks involved.

We are also reviewing all our systems and processes, both internal and external, to make sure an incident like this does not occur again.

As an industry, we can do better to protect all customers, by continuing to share learnings and best practices across the board.

I thank all our customers for their patience and support, and we will continue making the necessary improvements to earn back their trust.

Malcolm Rodrigues

Chief Executive Officer

MyRepublic