As the digital economy expands at a rapid pace, companies continue to collect massive amounts of data and have come to be more dependent on this data to fuel their businesses. From e-commerce firms to healthtech firms, reams of data amassed from consumers are being used to better their offering of products and services. With the growth of this data-reliant digital economy, the concerns surrounding data privacy have grown too.

Start-ups face a considerably larger risk in protecting data, as they use data to the same extent, if not more, than that of larger corporates, but their primary focus and priority may be on growing the company rather than ensuring proper safeguards are in place for protection of data.

Start-ups are generally constrained by limited financial resources and engineering expertise when it comes to building up the pertinent knowhow and security protocols that companies which are handling sensitive data need. Analysts point out that since start-ups are more risk-seeking; the adoption of innovative and disruptive processes opens one up to increased systematic cyber risks due to their unproven nature.

Rising start-ups such as Near, CredoLab and Zilingo touts data protection as an edge over its peers in the face of increasing data privacy importance. Near, regarded as one of South East Asia’s most valuable marketing tech start-ups goes the extra mile when amassing consumer data by stripping the data of any personal identifiers, essentially anonymising and hashing the data itself.

CredoLab, a Singapore-based credit scoring start-up, uses smartphone metadata to score users, so that the source is protected. Zilingo, a fashion e-commerce start-up takes the furthest step in employing ethical hackers to expose any cracks in the company’s systems periodically to ensure the robustness of its security measures.

In the case of failure of a start-up, the Personal Data Protection Act requires the start-up to cease to retain any personal data if there is no legal or business purpose for doing so.

In sum, notwithstanding the implementation of various rules and policies concerning data collection, use and management, the first line of defence towards data protection remains with ensuring good security.