Highlights of the Singapore Personal Data Protection Act 2012

  1. DAVID HK Lim, MBA, CEHA
     HP: 82886878
     Email: davidlim@sgpersonaldataprotection.com
     www.SGPDPA2012.com
  2. Profile – Short Version
     • Previously worked for MNCs: NMB, McDonald's, Seagate, Maxtor & Sony
     • Production, Program Management & Business Development in Asia Pacific, the Middle East & South Africa
     • Own business: Database Mining Consultancy, Real Estate Agency Licence, PDPA Seminars & Workshops
  3. HIGHLIGHTS – Singapore Personal Data Protection Act 2012 – Contents
     1) About SG PDPA Compliance
     2) What is Privacy?
     3) What is the Purpose & Why?
     4) Penalties for Non-Compliance
     5) 9 Organisation Obligations
     6) Do Not Call Registry
     7) Summary of PDPA Compliance Framework
     8) 3 Major Recommendations – Management Tools
     9) Seminar on 13 September 2013, 2pm to 5pm, M Hotel
  4. Seminar – Overview
     Just 4 Steps: a Systematic Approach to Understanding & Compliance
     Singapore Personal Data Protection Act 2012
     13 September 2013, 2pm to 5pm, M Hotel
     David HK Lim, SG PDPA Compliance Resources Centre
  5. Seminar Overview – Singapore Personal Data Protection Act 2012 – Contents Outline
     1) What is PDPA 2012
     2) Data Protection Provisions: General Rules / Collection, Use & Disclosure / Access & Correction / Care of Personal Data
     3) Do Not Call Provisions
     4) Offences, Penalties & Civil Action
     5) Summary outline of the PDPA Compliance Framework
     6) Ten Major Elements of an Effective Compliance Program
  6. One Stop PDPA Solutions
     • Provides one-stop PDPA solutions
     • Works with professionals, experts, businessmen, lawyers, IT data & security specialists and others on PDPA compliance solutions
     • PDPA compliance marketing consultancy
     • Conducts PDPA seminars & training workshops
     • Provides training for jobs as PDPA Compliance Officers & Managers
     • Supplies PDPA-trained personnel to companies
     • Offers PDPA solutions in IT data security & management systems
     • SOP PDPA compliance manuals by industry
  7. About PDPA – Video
  8. Your company MUST comply if it:
     a) hires any employees
     b) sells directly to individuals
     c) collects personal data for business
     d) uses cold calls, SMS or fax marketing
     • You must appoint at least one Compliance Officer (the Act requires an organisation to designate one or more individuals responsible for compliance).
     • The financial penalty for non-compliance is up to S$1 million.
     • You cannot SMS, cold call or fax Singapore telephone numbers registered on the government's Do Not Call (DNC) Registry.
     • The penalty for a DNC breach is a fine of up to S$10,000 per offence.
  9. B2B / B2C / M2M
     • B2B – Business to Business: not applicable (business contact information is excluded)
     • B2C – Business to Consumer: applicable
     • M2M – Machine to Machine: applicable?
  10. Under the SG PDPA 2012, "Organisation" means:
     • Companies & businesses
     • Sole proprietors
     • Organisations, societies & associations
     • Churches, temples & religious bodies
     • Even individuals (the Act's data protection provisions do not apply to an individual acting in a personal or domestic capacity)
     • All of the above, as long as personal data is involved: online or on record, digital or physical
  11. WHO ARE THE MAIN PERSONNEL INVOLVED IN PDPA COMPLIANCE, AND WHY?
     • Top Management – Chairman, CEO, MD & business owners. Why? The penalty for non-compliance is up to S$1 million.
     • Human Resources / Compliance Team – employee data, legal counsel, compliance policies.
     • Sales & Marketing – Do Not Call (DNC) provisions. Comply with the SMS, cold call & fax rules. Fine of up to S$10,000 per offence for the organisation.
     • IT – Data security & management: internal threats (secured & authorised access); external threats (firewalls & cloud computing).
     • Legal – contract law involving different countries, e.g. the EU & Singapore. More than 50 countries already have personal data protection laws, and the number is growing.
  12. 4 Types of Privacy
     • Physical
     • Communications
     • Spiritual / Intellectual
     • Information / Data
  13. Type 4 – Information / Data
     • Name
     • Identity
     • Photo
     • Income
     • Ethnic group
     • Gender
     • Age
     • Marital status
     • Educational level
  14. What is the PDPA about?
     • Singapore Personal Data Protection Act 2012
     • Passed by Parliament on 15 October 2012
     • Governs the collection, use & disclosure, and retention & disposal of personal data
     • Became law on 2 January 2013 (the Act commenced in phases: the Do Not Call provisions took effect on 2 January 2014 and the data protection provisions on 2 July 2014)
  15. What is the purpose of the PDPA?
     • Safeguard individuals' personal data against misuse
     • Give individuals control over their data
     • Complement sector-specific frameworks
     • Enhance Singapore's competitive advantage in data hosting & management
     • Be consistent with international standards
     • Complaints-based approach
  16. What is Personally Identifiable Information?
     • Individually identifiable information, e.g. name, NRIC, passport, photo, credit card, bank account, DNA, thumbprint, mobile number, personal email, etc.
     • Any set of matching data, e.g. name, address, age, telephone number, occupation, etc., that together identifies a person
     • Example 1: NRIC, or photo, or credit card number alone – YES
     • Example 2: Name only, "Mary Tan" – NO (too common to identify one person on its own)
     • Example 3: Name with address, "Mary Tan, Blk 123, Yishun St. 61, 01-123" – YES
  17. MAJOR METHODS OF PERSONAL DATA COLLECTION
     1) Lucky draws – retail
     2) Survey forms – insurance
     3) Job applications – HR
     4) Photocopying NRIC – registration
     5) Online memberships – internet
     6) Cookies – embedded software
     7) Warranty cards – service centres
     8) "Hacking" – espionage
  18. 4 MAIN COMPONENTS OF THE PDPA – MUST REMEMBER & COMPLY
     1) Collection & consent
     2) Use & disclosure
     3) Retention & disposal
     4) Do Not Call Registry
     Personal data covered:
     • Employees' personal data (HR department)
     • Customers' personal data (individuals)
  19. 2 Examples by Industry – Why must they comply?
     Example 1: Spas
     • HR department: employees' personal data involved
     • Customer contracts: customers' individual personal data involved
     • Telemarketing / SMS: individual personal data involved (name, mobile or telephone number)
     Example 2: Leisure cruises (many countries)
     • HR department: employees' personal data involved
     • Members: customers' individual personal data involved
     • Telemarketing / SMS / fax: individual personal data involved (name, mobile or telephone number)
     • Transfer of personal data between different ports of call (Transfer Limitation Obligation applies)
  20. Take Note: 3 Penalties under the PDPA
     1) Non-compliance with the data protection provisions (e.g. no compliance policy): financial penalty for the organisation of up to S$1 million
     2) Offences relating to access & correction requests (e.g. altering or destroying records to evade a request): fine of up to S$5,000, imprisonment of up to 12 months, or both
     3) Breach of the Do Not Call provisions: fine of up to S$10,000 per offence
  21. 9 Obligations ALL Organisations MUST Comply With
     1) The Openness Obligation
     2) The Consent Obligation
     3) The Purpose Limitation Obligation
     4) The Notification Obligation
     5) The Access and Correction Obligation
     6) The Accuracy Obligation
     7) The Protection Obligation
     8) The Retention Limitation Obligation
     9) The Transfer Limitation Obligation
  22. National Do Not Call Registry
     • "STN": Singapore Telephone Number, beginning with 3, 6, 8 or 9
     • "Specified Message": a message relating to the supply or promotion of goods & services, land, a business opportunity, obtaining information, etc.
     • Applies when either the sender or the receiver is in Singapore
  23. What is the National Do Not Call (DNC) Registry about, and what does it cover?
     • An opt-out for individuals who do NOT want to receive direct marketing
     • Three registers:
       a) Telephone (No Voice Call) Register: voice calls (cold calls)
       b) Text (No Text Message) Register: SMS
       c) Fax (No Fax Message) Register: fax
     • Direct mail (postal mailing) is not included
     • Email is not included
  24. PROPOSED FEES – ACCESS TO THE DNC REGISTRY
     • Prepaid (number of checks – fee):
       5,000 – $100; 10,000 – $150; 25,000 – $350; 100,000 – $1,200; 250,000 – $2,700; 1 million – $10,000
     • Pay-per-use (number of checks @ fee per check):
       1–300 @ $0.033; 301–5,000 @ $0.03; 5,001–10,000 @ $0.026; 10,001–25,000 @ $0.024; 25,001–100,000 @ $0.019; 100,001–250,000 @ $0.015; 250,001–1 million @ $0.012
  25. Summary of the PDPA Compliance Framework
     1. Appointment of a Data Protection Compliance Officer
     2. PDPA Compliance System
        2.1 Data protection policy
        2.2 Compliance with the 9 organisation obligations
        2.3 Compliance with the Do Not Call provisions
        2.4 Handling complaints
        2.5 Communication of policies & practices
        2.6 HR issues
  26. 3 MAJOR Recommendations for the Nominated Compliance Officer – Management Tools
     • Design & deploy a Fact Finding Book ("Fault Finding Book") to manage & track accountability when something goes wrong
     • Data encryption & security solutions to manage & track digital data usage & security
     • Physical data security solutions to manage & track physical documents & their disposal
  27. Seminar
     • Date: 13 September 2013, 2pm to 5pm
     • Venue: M Hotel, Anson Road
     • Fee: S$650 per pax / S$1,250 for 2 pax
     • Early bird: S$600 per pax / S$1,225 for 2 pax, if registered & paid before 30 August 2013
     • Limited to 20 pax only
  28. Q & A – Thank You!