New trustmark to assure consumers in S'pore their data is protected

This initiative comes in the wake of rising use of online services and more firms going digital amid Covid-19.
This initiative comes in the wake of rising use of online services and more firms going digital amid Covid-19.ST PHOTO: GIN TAY

SINGAPORE - Later next year, companies can apply for a new certification assuring customers that their personal data is being properly handled and protected by the firms.

The new Credence Data Trust Rating System - launched on Sept 27 by 11 industry players including IBM and Alibaba Group - grades companies based on the robustness of the firms' data protection and handling measures.

Rating certificates will be issued by local information technology and services start-up Credence Lab.

Scoring details and other aspects of the rating system will be fine-tuned in a pilot with several organisations, including telco TPG Telecom and Singapore technology industry association SGTech.

The final version of the rating system that companies can apply under is expected to be ready in the second half of next year.

The framework seeks to include elements of the Infocomm Media Development Authority's Data Protection Trustmark, which focuses on compliance with Singapore's Personal Data Protection Act.

This initiative comes in the wake of rising use of online services and more firms going digital amid Covid-19, which resulted in companies having more customer data.

On the flip side, there has also been a string of data breaches here recently, including one that may have affected 79,000 customers of mobile operator MyRepublic in August and another that hit 57,000 customers of telco StarHub in July.

Credence Data Trust is also expected to, among other things, address data compliance under regulations for specific sectors.

Firms will be graded on how well customers' data is protected, and the resources and processes they dedicate to protecting the data.

How companies inform customers on the ways their data will be used, and how firms ensure customers are able to exercise their rights over their data, like asking for the information collected on them, will be factored in.

Speaking at the launch of the rating system, Minister of State for Communications and Information Tan Kiat How said that "digital trust is important to Singapore's ambition of being a key hub in the global digital economy", and trustmarks like the rating system will play an important role in this broader ecosystem of digital trust.

The consortium of industry players behind the rating system includes KPMG, which will work with companies to analyse their processes and advise them on data management measures.


Minister of State for Communications and Information Tan Kiat Howat the launch of the Credence Data Trust Rating System on Sept 27, 2021. PHOTO: MINISTRY OF COMMUNICATIONS AND INFORMATION

German testing, inspection and certification firm TUV SUD will be the assessment body.

Mr Philip Heah, Credence Lab's chief executive, said the rating system could help address concerns consumers have over company breaches that leak their data.

"The system helps companies put in place the appropriate corporate culture and necessary policies, controls and practices that should prevent leakage in the first place," he said.

But if a data leak does happen, the system would see to it that firms already have the proper systems and processes to recover and regain the trust of consumers.

The system allows companies to manage their suppliers that deal with data as well. For instance, if a company works with highly sensitive data, it may require its suppliers to get a higher rating and have appropriate measures to manage such data securely.