Singapore's privacy watchdog is planning its first marketing blitz to drum into organisations the need to secure consumers' data.
This is following its recent crackdown on breaches of the law, its first since new data protection rules took full effect in July 2014.
The Personal Data Protection Commission plans to widen its reach by launching its first TV infotainment programmes featuring how Singapore companies comply with the law.
It said lax security procedures were behind most of the recent breaches of the law.
While spending and launch details were not available, Commission chairman Leong Keng Thai told The Straits Times: "We understand that some businesses might still need time and more help to comply with their obligations.
"The key to using personal data is to use it in a responsible manner just as you would treat other commercial sensitive or valuable data."
So far, the Commission has reached out to more than 8,000 organisations and 66 trade associations via free quarterly briefings conducted with the Workforce Development Agency and e-learning programmes, among others.
On Thursday, the Commission rapped 11 organisations - among them household names K Box Entertainment Group, Challenger Technologies, Metro and the Singapore Computer Society - for failing to protect customers' personal data.
Under the Personal Data Protection Act, organisations that fail to protect personal data can be fined up to $1 million per breach.
The heaviest fine of $50,000 went to K Box for a data breach involving 317,000 customers in September 2014. K Box declined to comment when contacted.
Metro department store chain, on the other hand, was warned for not securing its website and content management system properly, leading to a data leak involving 445 customers.
Metro said it had hired auditor KPMG to assess the security of its systems and that it has since taken steps - such as to encrypt its data and update its system software - to better mitigate risks.
IT retail chain Challenger Technologies was also warned over an error that resulted in members receiving an e-mail meant for another member.
It said it has since hired local data protection consultancy firm Straits Interactive to audit and review its business processes and policies, and trained staff on the proper way to handle personal data.
The Singapore Computer Society was also warned for mistakenly sending a document containing the personal details of 214 individuals to these 214 individuals without proper checks.
Its president Howie Lau said it has taken steps and will consider strengthening existing encryption methods on data files to prevent this from happening again.
Meanwhile, lawyers said the recent crackdown serves as a wake-up call.
"More organisations will review even the most basic processes such as password setting and e-mail attachments - things that they do not normally take notice of due to a lack of time, resource or the know-how," said lawyer Gilbert Leong, a partner at Rodyk & Davidson.
Even data management services and IT system providers will sit up and review their security process, said lawyer Bryan Tan of Pinsent Masons MPillay.
"They must also hire a data protection officer, as required by law, not only to protect customers' data, but also to ensure they do not retain the data longer than necessary," said Mr Tan.
