PDPA, that was first announced last October and to come into full effect from 2 July 2014, establishes a new general data protection law in Singapore, which governs the collection, use and disclosure of individuals’ personal data by organisation.
Organisations are required to designate at least one Data Protection Officer to oversee the organisation’s compliance with the act.
The guidelines provide interpretation of key terms. For example, ‘personal data’ is all types of data from which an individual can be identified, regardless of whether such data is true or false or whether it is in electronic or other form.
The guidelines also elaborate on the Data Protection Provisions and various obligations in the PDPA, for example, the obligation to obtain the consent of an individual before collecting, using or disclosing his personal data, and to notify the individual of the purpose of doing so.
The national Do-Not-Call Registry will be set up by 2 January 2014, and organisations that wish to send specified messages - including those of a marketing nature for commercial purposes - to an individual with a Singapore telephone number must check with the registry to obtain consent of the individual.
The advisory guidelines elaborate on how the PDPA applies to specific issues and domains. Data for research, collection of personal data through Closed-Circuit Televisions, and use of National Registration Identity Card (NRIC) numbers, are some of the topics highlighted in these guidelines.
As best practice, organisations should avoid over-collecting personal data and consider suitable alternatives for their requirements (e.g. using an individual’s unique membership number and date of birth instead of NRIC number to verify his identity).
“The Advisory Guidelines aim to provide greater clarity to organisations and individuals on the provisions of the PDPA. For businesses, it is important that they prepare in advance and review their own operations and processes to comply with the provisions. The PDPC is also working with sectoral regulators to develop sector-specific guidelines, and will review the need to issue further guidelines to facilitate better understanding of and compliance with the PDPA obligations,” said Leong Keng Thai (pictured), Chairman of PDPC.
---
Autor(en)/Author(s): Kelly Ng
Quelle/Source: futureGov, 26.09.2013