In the digital era, safeguarding personal data security is of utmost importance. As cyberattack techniques continue to evolve, individuals face increasing privacy risks. Both businesses and individuals must enhance their awareness of data protection to ensure the confidentiality, integrity, and availability of personal data in different contexts, thereby reducing the risk of data breaches. Therefore, Personal Data Protection Act establish appropriate security measures to ensure that the personal data held by various organizations is adequately protected.

The development of identity authentication technology has progressed from traditional passwords to biometric authentication. Multi-factor authentication (MFA) is one of the most effective identity verification methods and has been widely adopted by major enterprises and government institutions. Examples include FIDO security keys and banks’ one-time passwords (OTP), both of which effectively reduce the risk of identity theft. By increasing cybersecurity awareness and implementing stronger identity verification measures, a more secure digital environment can be created, minimizing the threat of personal data breaches.

To address the issues of personal data and information security, Data Protection by Design (“DPbD”) for information and communications technology (“ICT”) systems is an approach where data protection measures are considered and incorporated into ICT systems during their development. By integrating data protection principles from the outset, organizations can build systems that better safeguard personal data and foster a culture of good data management practices. Ensuring DPbD at the beginning and throughout the lifecycle of an ICT system also helps to minimize unnecessary delays and reduce costs, compared to retrofitting data protection features afterward. DPbD should not be treated as an afterthought but rather embedded into an organization's practices.