Skip to content

Response to Media Enquiry or Report

Response to Media Enquiry or Report

Date: 27 February 2020

Response to media enquiry on the trend of cybercrime and data breaches during work-from-home arrangement


Thank you very much for your email enquiry about whether there has been any rising trend of cybercrime and data breaches since the work-from-home (WFH) arrangement was introduced. Our response to your enquiry is as follows:
  • Currently, there is no mandatory requirement for data breach notifications.  In other words, there are bound to be some data breaches being unreported.  During the WFH period (29 January to 26 February 2020), the office of the Privacy Commissioner for Personal Data (PCPD) has received 10 data breach notifications, of which only one was relating to cybercrime.  During the same period, the PCPD received two complaints relating to cybercrime or loss of data.  As far as the figures of data breach notifications and complaints received by the PCPD over the last year can show, there has been no rising trend of data breach notifications and complaints relating to cybercrime or loss of data since the WFH arrangement was introduced.  The numbers of data breach notifications and complaints have remained at a steady level, no significant differences observed. 
     
  • Under the WFH arrangement, employees intending to bring home files containing confidential and personal data should follow the established guidelines of their organisations. The major practical steps and regards that have to be had are as follows:
    • Prior instructions or approvals from supervisors;
    • The Data Protection Principle 4 on data security, with particular regard to:
      1. The kind of data and the harm that could result,
      2. The physical location where the data is stored,
      3. Any security measures incorporated into any equipment in which the data is stored,
      4. Any measures taken for ensuring the integrity, prudence and competence of persons having access to the data, and
      5. Any measures taken for ensuring the secure transmission of the data;
    • Redacting the personal data/ confidential information before departing office for home;
    • No application of portable devices for storage;
    • Body-welded transportation in exceptional circumstances; and
    • Encryption for digital data
       
  • Besides, employees who are using their laptops or other mobile devices during the WFH period should always be cautious and vigilant about the risks arising from mobile and cloud technologies, as hackers are watching every pitfall in mobile devices or Wi-Fi connection to steal personal data or sensitive data. Here are some security tips:
    • Never share the work device’s account with others;
    • Ensure Wi-Fi connection is secured;
    • Regularly change your Wi-Fi passwords;
    • Install proper anti-virus software; and
    • Perform regular system updates of your mobile devices