Why does personal data need protecting, and how do we keep it safe and private?
Explain why personal data must be protected, the risks of misuse, and measures and good practice for keeping data private
A focused answer to the O-Level Computing point on data protection. Why personal data must be protected, the risks of misuse such as identity theft, and the measures and good practice that keep data private and secure.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
SEAB wants you to explain why personal data must be protected, the risks if it is misused, and the measures and good practice that keep data private and secure. The central idea is that personal data identifies real people, so its loss or misuse can cause serious harm such as identity theft, and both organisations and individuals share responsibility for protecting it.
The answer
What personal data is
Personal data is information that identifies a living individual, such as a name, address, identity card number, date of birth, phone number or photograph. Some personal data is sensitive, such as health or financial information, and needs extra care.
Why it must be protected
Personal data is valuable and private. If it is lost, stolen or misused, the consequences for the individual can be severe, which is why protecting it is both an ethical duty and, in many places, a legal one.
Risks of misuse
- Identity theft: a criminal uses stolen details to impersonate the victim, opening accounts or making purchases in their name.
- Fraud and financial loss: stolen bank or card details are used to take money.
- Loss of privacy: exposed data can lead to scams, blackmail, stalking or embarrassment.
- Reputational harm: information taken out of context can damage someone's standing.
Organisations' responsibilities
An organisation that holds personal data should:
- keep it secure (encrypted, access-controlled, backed up),
- collect only what is needed and use it only for the stated purpose,
- keep it accurate and not for longer than necessary,
- and let individuals see and correct their data.
These principles reflect data protection laws, including Singapore's Personal Data Protection Act.
Good practice for individuals
- Use strong, unique passwords and two-factor authentication.
- Do not overshare personal information online.
- Check the privacy settings on your accounts.
- Be wary of phishing messages and suspicious links.
- Only give data to trusted sites (look for HTTPS), and log out on shared devices.
Why social media care matters
What you post can be copied, combined and kept permanently, even if you later delete it. Oversharing details such as your location or routine can expose you to scams, stalking or identity theft, and old posts can affect your reputation in future.
Examples in context
Example 1. A data breach at a shop. A retailer's customer database is hacked and names, addresses and card details are leaked. Customers face fraud and identity theft, and the company faces legal penalties and lost trust, showing why secure storage and collecting only what is needed matter.
Example 2. Oversharing on social media. A student posts their school, daily route and holiday dates publicly. A stranger could use this to track or scam them, and the posts may resurface years later. Tightening privacy settings and sharing less protects both safety and reputation.
Try this
Q1. State what personal data is, with one example. [2 marks]
- Cue. Information that identifies a living individual, such as a name, address or identity card number.
Q2. Give one risk of personal data being stolen. [2 marks]
- Cue. Identity theft, fraud or financial loss, or loss of privacy.
Q3. State two things an individual can do to protect their privacy online. [2 marks]
- Cue. Use strong unique passwords, check privacy settings, avoid oversharing, or beware of phishing links (any two).
Exam-style practice questions
Practice questions written in the style of SEAB exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
Original5 marks(a) State what is meant by personal data, with an example. (b) Describe two risks if personal data is not kept secure. (c) State one responsibility an organisation has when it stores people's personal data.Show worked answer →
(a) Personal data is information that identifies a living individual, such as a name, address, identity card number, date of birth or photograph.
(b) Two risks of insecure personal data:
- Identity theft: a criminal uses stolen details to impersonate the victim, for example opening accounts or making purchases in their name.
- Fraud or financial loss: stolen bank or card details are used to take money; and exposed data can lead to scams, blackmail or loss of privacy.
(c) An organisation should: keep the data secure (for example encrypted and access-controlled); collect only what is needed and use it only for the stated purpose; keep it accurate and not longer than necessary; and allow individuals to see their data. Any one clear responsibility is acceptable.
Markers reward personal data identifying an individual with an example, two genuine risks such as identity theft or fraud, and a valid organisational responsibility.
Original5 marks(a) Give two pieces of good practice an individual can follow to protect their own privacy online. (b) Explain why being careful about what you share on social media matters.Show worked answer →
(a) Good practice includes: use strong, unique passwords and two-factor authentication; do not overshare personal information; check privacy settings on accounts; be wary of phishing messages and suspicious links; only give data to trusted sites (look for HTTPS); and log out on shared devices. Any two are acceptable.
(b) What you share on social media can be seen, copied and combined by others, including strangers and employers. Oversharing (location, school, daily routine) can expose you to scams, stalking or identity theft, and posts can be permanent and public even if later deleted, affecting your reputation in future. So thinking before sharing protects both safety and privacy.
Markers reward two valid good-practice measures, and a clear reason such as data being permanent, public or usable for scams and identity theft.
Related dot points
- Describe types of malware (virus, worm, trojan, ransomware, spyware), how they spread, and how to protect against them
A focused answer to the O-Level Computing point on malware. The main types (virus, worm, trojan, ransomware, spyware), how they spread, the harm they cause, and the measures that protect against them.
- Explain computer ethics including intellectual property, copyright, plagiarism and acceptable use, and the difference between legal and ethical
A focused answer to the O-Level Computing point on ethics and law. Intellectual property and copyright, software licensing, plagiarism, acceptable use, and the difference between what is legal and what is ethical.
- Discuss the social and environmental impact of computing, including benefits, the digital divide, e-waste and energy use
A focused answer to the O-Level Computing point on impact. The social benefits and drawbacks of computing, the digital divide, the effect on jobs, and environmental issues such as e-waste and energy use.
- Describe protection measures including strong passwords, firewalls, encryption, antivirus software and user access levels
A focused answer to the O-Level Computing point on protecting networks. Strong passwords and two-factor authentication, firewalls, encryption, antivirus software, user access levels, and how a layered defence works.
- Distinguish the internet from the World Wide Web, and describe the roles of browsers, web servers, URLs and HTTP in loading a page
A focused answer to the O-Level Computing point on the internet and the Web. The difference between the internet (the network) and the Web (pages on it), and the roles of browsers, web servers, URLs, HTTP and HTTPS in loading a page.