DESIGN PERSONAL DATA BREACH RESPONSE PLAN

Course Overview

NTUC LearningHub Course Code: NICF145

TP Gateway Code: TPG-2021018466

February 2022, the PDPA was amended to make Data Breach Notifications mandatory. There new law established thresholds and timelines. Companies must establish a Data Breach Response Plan as part of their Data Protection Management Programme

• This course teaches the learners what the various components of this data breach response plan is.
• It includes all the necessary requirements as prescribed by the law.
• It also takes into account the business processes of organisations

This 2-day course provides learners with knowledge on how to develop incident management procedures and synthesise incident-related analyses to distil key insights, resolve incidents and establish mitigating and preventive solutions. The course will enable learners to manage the containment of personal data breach incidents, lead the recovery of contained security incidents, establish mitigation and prevention processes and policies. It will also introduce learners on methods of how to test their organisation’s data breach response plans.

 

Course Objectives

Upon completion of this Course, participants will have the following knowledge:

• Mechanics of incident alert triggers
• Incident remediation solutions and strategies
• Incident mitigation strategies.’
• Personal Data Protection Act 2012
• Trends in personal data breaches or incidents that may impact business / IT processes or services.
• PDPC’s Guide to Managing Data Breaches 2.0

With the above-mentioned knowledge, participants will be able to carry out the following:

• Develop mechanisms or threat signatures that trigger incident alerts to relevant parties and systems
• Integrate cyber- and data-related information, alerts and analysis from detection system logs to develop a holistic view of incidents
• Distil key insights and impact from analyses of incidents
• Manage the containment of cyber and data incidents within the organisation
• Lead recovery of contained security incidents
• Establish mitigation and prevention processes and policies
• Drive implementation of mitigation processes and policies
• Develop a data breach management plan that considers business processes and needs, and include defined roles and responsibilities, as well as contingency plans when different breach scenarios occur.
• Establish a process that can effectively respond to data breaches by referencing PDPC’s CARE framework.
• Report the personal data protection breach to senior Management / PDPC that describes the extent of the personal data protection breach (e.g. the number of individuals affected) and the type and volume (number of records) of personal data involved and communicate in the most effective way to individuals affected by the breach incident.

Pre-requisites

Knowledge, Skills & Experience

There are no pre-requisites for this course.

Assumed Knowledge and Experience:

• Understands relevant organisational strategies, objectives, culture, policies, processes and products / services
• Aware of compliance requirements of the organisation
• Assumed Skills:
• Have business writing skills to prepare management report
• Have analytical skills to assess policies and procedures
• Have information gathering skills to gather and collate necessary data
• Have interpersonal and communication skills to interact with relevant stakeholders; and
• Have facilitation skills to ask the right questions to elicit necessary information

Hardware & Software
This course will be conducted as a Virtual Live Class (VLC) via Zoom platform. Participants must own a zoom account and have a laptop or a desktop with “Zoom Client for Meetings” installed. This can be downloaded from https://zoom.us/download

System Requirement

Must Have: Please ensure that your computer or laptop meets the following requirements. Operating system: Windows 10 or MacOS (64 bit or above) Processor/CPU: 1.8 GHz, 2-core Intel Core i3 or higher Minimum 20 GB hard disk space. Minimum 8 Gb RAM Webcam (The camera must be turned on for the duration of the class) Microphone Internet Connection: Wired or Wireless broadband Latest version of Zoom software to be installed on computer or laptop prior to the class. Good to Have: Wired internet connection Wired internet will provide you with stable and reliable connection. Dual monitors Using a dual monitor setup will undoubtedly improve your training experience, enabling you to simultaneously participate in hands-on exercises and maintain engagement with your instructor. Not Recommended: Using tablets is not recommended due to their smaller screen size, which could cause eye strain and discomfort over the course of the program's duration.

Course Outline

• Trends in Personal Data Breaches
  • Trends in Singapore
  • Global Trends
• Incident Alert Triggers
  • Purpose of incident alert triggers
  • Importance of incident alert triggers
  • Best Practices
• Requirements Gathering for the Development of a Data Breach Management Response Plan
  • Data Inventory Map
  • Data Flow Diagram
  • Risk Assessment
  • Reporting to Senior Management
  • Content of Risk Assessment Report
  • Requirements Gathering Tool
• Components of a Data Breach Management and Response Plan
  • Defining a data breah
  • Reporting the breach internally
  • Forming a data breach management response team
  • Time to engage the data breach management response team
• Containment of breach
  • Scoping incident
  • Preservation of Evidence
  • Initial Assessment
  • Containment Strategy
• Assessing the Risk and Impact
  • What and How to assess
  • Ease of identifying individuals
  • Investigating root cause of breach
• Reporting the data breach
  • Incident Report and incident ecord log
  • When to report to PDPC
  • Reporting breach to affected individuals
• Evaluating Response and Consider Actions to Prevent Future Breaches
  • Recommending enhancement or system changes
  • Reducing human error risk factor
  • Data minimization and minimization of data access
  • Securing networks
  • Require Vendors to uphold same standards
• Test Personal Data Breach Response Plan
  • Methods of testing
  • Incident handling scenarios

Certificate Obtained and Conferred by

• Certificate of Completion from NTUC LearningHub
  
  Upon meeting at least 75% attendance and passing the assessment(s), participants will receive a Certificate of Completion from NTUC LearningHub.
• Statement of Attainment from SkillsFuture Singapore (SSG)
  
  Upon meeting at least 75% attendance and passing the assessment(s), a Statement of Attainment (SOAs) will be issued by SkillsFuture Singapore (SSG) to certify that the participant has achieved the following Competency Standard(s):
  
  ICT-OUS-4003-2.1 Cyber and Data Breach Incident Management

Additional Details

Medium of Instruction: English

Trainer: Trainee Ratio is 1:20

Mode of Delivery: Virtual Live Class (VLC) via Zoom

As this is a government subsidised programme, the entire training programme will be video recorded for audit purposes by the relevant funding agency. To ascertain their presence, Trainees / Participants are required to

• Turn on web camera to show real-time video, as opposed to using a profile picture / video for the entirety of the training and assessment session.
• Ensure that their faces are fully visible (not just the forehead / eyebrows)
• Use their full name as per NRIC / Passport as their Screen Name on Zoom

Courseware: Design Personal Data Breach Response Plan LG (Learner’s Guide) on Canvas

Labs: NA.
 

Price

Course Fee and Government Subsidies
	Individual Sponsored		Company Sponsored
			Non-SME		SME
	Before GST	With GST	Before GST	With GST	Before GST	With GST
Full Course Fee (For Foreigners and those not eligible for subsidies)	$1,440.00	$1,569.60	$1,440.00	$1,569.60	$1,440.00	$1,569.60
For Singapore Citizens aged 39 years and below and For all Singapore Permanent Residents (The minimum age for individual sponsored trainees is 21 years)	$720.00	$849.60	$720.00	$849.60	$432.00	$561.60
For Singapore Citizens aged 40 years and above	$432.00	$561.60	$432.00	$561.60	$432.00	$561.60

*After 70% ­­­­funding for SME-sponsored Singaporeans and PRs under Enhanced Training Support for SMEs (ETSS) scheme

Funding Eligibility Criteria:

Individual Sponsored Trainee

Company Sponsored Trainee

Singapore Citizens or Singapore Permanent Residents From 1 October 2023, attendance-taking for SkillsFuture Singapore's (SSG) funded courses must be done digitally via the Singpass App. This applies to both physical and synchronous e-learning courses Trainee must achieve at least 75% attendance Trainee must pass all prescribed tests / assessments, and attain 100% competency NTUC LearningHub reserves the right to claw back the funded amount from trainee if he/she did not meet the eligibility criteria

Singapore Citizens or Singapore Permanent Residents From 1 October 2023, attendance-taking for SkillsFuture Singapore's (SSG) funded courses must be done digitally via the Singpass App. This applies to both physical and synchronous e-learning courses Trainee must achieve at least 75% attendance Trainee must pass all prescribed tests / assessments, and attain 100% competency NTUC LearningHub reserves the right to claw back the funded amount from the employer if trainee did not meet the eligibility criteria

Remarks:

Individual Sponsored Trainee

Company Sponsored Trainee

SkillsFuture Credit:  Eligible Singapore Citizens can use their SkillsFuture Credit to offset course fee payable after funding. UTAP:  This course is eligible for Union Training Assistance Programme (UTAP). NTUC members can enjoy up to 50% funding (capped at $250 per year) under UTAP.  PSEA:  To check for Post-Secondary Education Account (PSEA) eligibility for this course, visit: (a) SkillsFuture (TGS-2022014913) for Virtual Learning Class (VLC) (b) SkillsFuture (TGS-2022010684) for Face-to-Face class Scroll down to “Keyword Tags” to verify for PSEA eligibility.  If there is “PSEA” under keyword tags, the course is eligible for PSEA.   And if there is no “PSEA” under keyword tags, the course is ineligible for PSEA.  Not all courses are eligible for PSEA funding.

Absentee Payroll (AP) Funding:  $4.50 per hour, capped at $100,000 per enterprise per calendar year. AP funding will be computed based on the actual number of training hours attended by the trainee. Note: Courses / Modules under Professional Conversion Programme (PCP) will not be eligible for AP funding claim.

Terms & Conditions apply. NTUC LearningHub reserve the right to make changes or improvements to any of the products described in this document without prior notice.

Prices are subject to other LHUB miscelleanous fees.