Client data is not yours. You are entrusted to protect it.
What the Law Says
Under the Personal Data Protection Act (PDPA) 2012:
All organisations and individuals must comply when they:
- Collect personal data
- Use personal data
- Disclose personal data
If you handle client information, PDPA applies to you.
What This Means in Redbrick
- Always obtain consent before collecting data
- Use data only for its intended purpose
- Do not share data outside approved channels
- Do not store or transfer data improperly
- Protect all client information at all times
No consent = no data.
Common Violations
- Sending client documents via unapproved channels
- Sharing client info with external parties without consent
- Using client data for other cases
- Storing documents on personal devices or platforms
- Submitting incomplete or undocumented data flows
Convenience is not an excuse.
What Happens If You Breach
- Regulatory penalties (fines)
- Company exposure to legal action
- Internal disciplinary action
- Personal liability for damages
If your actions cause damage, you may be held responsible.
Respect the data. Protect the client. Protect yourself.