This document provides information about a seminar on compliance with Singapore's Personal Data Protection Act (PDPA) 2012. It summarizes the speaker's background working for multinational companies and now owning his own PDPA consultancy business. The seminar will cover what is personal data under the PDPA, the obligations and penalties for non-compliance, how the act applies to different industries and business models, and recommendations for tools an organization's compliance officer can use to manage PDPA requirements. The seminar will be held on September 13 from 2-5pm at M Hotel with early bird rates available before August 30 for those who register and pay in advance.

1. DAVID HK Lim MBA CEHA
HP: 82886878
Email: davidlim@sgpersonaldataprotection.com
www.SGPDPA2012.com

2. Profile – Short Version
Previously worked for MNCs
- NMB, McDonald’s, Seagate, Maxtor & Sony
Production, Program Mgt & Business
Development
-Asia Pacific, Middle East & South Africa
Own Business
- Database Mining Consultancy
- Real Estate Agency License
- PDPA Seminars & Workshops

3. HIGHTLIGHTS
Singapore Personal Data Protection Act 2012
Contents
1) About SG PDPA Compliance
2) What is Privacy ?
3) What is the Purpose & Why ?
4) Penalties for non compliance ?4) Penalties for non-compliance ?
5) 9 Organisation Obligations
6) Do Not Call Registry
7) Summary of PDPA Compliance Framework
8) 3 Major Recommendations – Management Tools
9) Seminar on 13 Sept 2013, 2pm to 5pm, M. Hotel

4. Seminar – Overview
Just 4 Steps
Systematic Approach
Understanding & ComplianceUnderstanding & Compliance
Singapore Personal Data Protection Act 2012
13 September 2013, 2pm to 5pm, M.Hotel
David HK Lim
SG PDPA Compliance Resources Centre

5. Seminar Overview
Singapore Personal Data Protection Act 2012
Contents Outline
1. What is PDPA 2012
2. Data Protection Provisions
- General Rules / Collection, Uses & Disclosure
- Access & Correction / Care of Personal Data- Access & Correction / Care of Personal Data
3. Do Not Call Provisions
4. Offences, Penalties & Civil Action
5) Summary outline of PDPA Compliance Framework
6) Ten Major Elements of an Effective Compliance
Program.

6. One Stop PDPA Solutions
• Provides One Stop PDPA Solutions
• Work with Professionals, Experts, Businessmen,
Lawyers, IT Data & Security, Others in PDPA
Compliance solutions
• PDPA Compliance Marketing Consultancy
• Conducts PDPA Seminars & Training Workshops
• Provides training for jobs as PDPA Compliance Officers
& Managers
• Supply PDPA trained personnel to companies
• Offer PDPA solutions in IT Data Security & Management
Systems
• SOP PDPA Compliance Manuals by Industry

7. About PDPA - Video

8. Your company MUST mandatory comply if :-
a) hire any employees
b) sell directly to individuals
c) collects personal data for business
d) deploy cold calls, sms or fax marketing.
• You must appoint ONE Compliance Officer.
• The penalty for non-compliance is up to S$1 million.
• You cannot SMS, Cold Call or Fax to those registered with
Do-Not-Call registry list provided by the government.
• The penalty for DNC non- compliance is S$10,000

9. B2B / B2C / M2M
• B2B – Business to Business
- Not applicable
• B2C Business to Consumer• B2C – Business to Consumer
- Applicable
• M2M – Machine to Machine
- Applicable ?

10. Under this SG PDPA Act 2012 -
Organisation means
• Companies & Businesses
• Sole Proprietors
• Organisations, Societies & Associations
• Churches, Temples & Religious bodies
• Even Individuals included
• All – as long as Personal Data is involved
- Online, On Record – Digital or Physical

11. WHO ARE THE MAIN PERSONNEL INVOLVED PDPA
COMPLIANCE? AND WHY?
• Top Management – Chairman, CEO, MD, & Biz Owners.
- Why ? The Penalty up to S$1 million for non-compliance.
• Human Resources / Compliance - Team
- Employees Data / Legal Counsel / Compliance Policies.
•Sales & Marketing – Do Not Call provisions (DNC)Sales & Marketing Do Not Call provisions (DNC)
• Comply with SMS, Cold Calls & Fax regulations.
• Penalty S$10,000 for organisation.
• IT – Data Security & Management
• Internal threats - Secured & authorised access
• External threats – Firewall & Cloud Computing
• Legal / Contract Laws involving different countries
- eg, EU & Singapore
- More than 50 countries already have PDPA laws & growing.

12. 4 Types of Privacy
• Physical
• Communications
• Spiritual / Intellectual• Spiritual / Intellectual
• Information / Data

13. Type 4 - Information / Data
- Name
- Identity
- Photo
- Income- Income
- Ethnic Group
- Gender
- Age
- Marital Status
- Educational Level

14. What is PDPA about?
• Singapore Personal Data Protection Act
2012
• Passed by parliament on 15 October 2012
Governs the Collection, Uses &• Governs the Collection, Uses &
Disclosure and Retention & Disposal of
Personal Data
• Becomes Law on 2 January 2013.

15. What is the purpose of PDPA ?
• Safeguard individuals personal data
against misuse
• Individuals has control over their data
• Complement sector-specific framework,Complement sector-specific framework,
• Enhance Singapore’s competitive
advantages - data hosting & management
• To be consistent with international
standards
• Complaints based approach

16. What is Personal Identifiable
Information?
• Individually identifiable information, eg Name,
NRIC, passport, photo, credit card, bank
account, DNA, Thumbprint, mobile number,
personal email, etc.
• Any set of matching data, eg name, address,
age, telephone number, occupation, etc.
- Example 1: NRIC or Photo or Credit Card - YES
- Example 2: Name only. Mary Tan alone – NO.
- Example 3: Name with address. Mary Tan, Blk 123,
Yishun St. 61, 01-123 - YES

17. MAJOR METHODS
PERSONAL DATA COLLECTION
• 1) LUCKY DRAWS - RETAIL
• 2) SURVEY FORMS - INSURANCE
• 3) JOB APPLICATIONS – HR
• 4) PHOTOCOPY NRIC - REGISTRATION
• 5) ONLINE MEMBERSHIPS – INTERNET
• 6) COOKIES – EMBEDDED SOFTWARES
• 7) WARRANTY CARDS – SERVICE CENTRES
• 8) “HACKING” – ESPIONAGE

18. 4 MAIN COMPONENTS OF PDPA
MUST REMEMBER & TO COMPLY
• 1) COLLECTION & CONSENT
• 2) USES & DISCLOSURE
• 3) RETENTION & DISPOSAL• 3) RETENTION & DISPOSAL
• 4) DO NOT CALL REGISTRY
Personal Data of -
• Employee’s personal data (HR Dept)
• Customer’s personal data (individuals)

19. 2 Examples – By Industries
Why must comply?
Example 1: SPAs
• HR Dept. Employees Personal Data involved
• Customers Contracts. Customers Individual Personal
Data involved.
• Telemarketing / SMS. Individual Personal Data involved
name / mobile or telephone number– name / mobile or telephone number
Example 2: Leisure Cruises – many countries.
• HR Dept. Employees Personal Data involved
• Members. Customers individual Personal Data involved.
• Telemarketing / SMS / Fax. Individual Personal Data
involved – name / mobile or telephone number
• Transfer of Personal Data – different port of call.

20. Take Note: 3 Penalties of PDPA
• 1) No Compliance Policy
- Penalty for organisation up to S$1 Million
• 2) Non-Compliance Access & Correction
Penalty S$5,000 + Jail Term 12 months- Penalty S$5,000 + Jail Term 12 months
• 3) Violation of Do-Not-Call provision
- Penalty S$10,000 per violation

21. 9 Obligations ALL Organisations
MUST Comply
• 1) The Openness Obligation.
• 2) The Consent Obligation.
• 3) The Purpose Limitation Obligation.3) The Purpose Limitation Obligation.
• 4) The Notification Obligation.
• 5) The Access and Correction Obligation.
• 6) The Accuracy Obligation.
• 7) The Protection Obligation.
• 8) The Retention Limitation Obligation.
• 9) The Transfer Limitation Obligation.

22. National Do-Not-Call Registry
• “STN” : Singapore Telephone Number
• Beginning with 3, 6, 8 or 9
• “Specified Message” relating to supply,
promote of goods & services, land,promote of goods & services, land,
business opportunity, obtaining
information, etc
• Either Sender or Receiver in Singapore

23. What is National Do Not Call (DNC)
registry about & coverage?
• Opt Out option for individuals NOT to receive
any direct marketing
• Applicable to 3 registry-
a) Telephone Registry: Voice calls (cold calls)a) Telephone Registry: Voice calls (cold calls)
b) Text Registry: SMS (text message)
c) Fax Registry: Fax
• Direct Mailing (postal mailing) not included
• Email is not included

24. PROPOSED FEE – ACCESS DNC
• Prepaid
* 5K - $100, 10K - $150, 25K - $350, 100K -
$1,200, 250K - $2,700 & 1 Million - $10,000
• Pay-per-use fees
** 1-300 @ $0.033, 301-5K @ $0.03, 5K-10K @
$0.026, 10K-25K @ $0.024,25K-100K @
$0.019, 100K-250K @ $0.015 & 250K-1 Million
@ $0.012

25. Summary of PDPA Compliance
Framework
• 1. Appointment of Data Protection Compliance
Officer
• 2. PDPA Compliance System
• 2.1. Data Protection Policy2.1. Data Protection Policy
• 2.2. Compliance with 9 Organisation Obligations
• 2.3. Compliance with the Do Not Call Provision
• 2.4. Handling Complaints
• 2.5. Communication of Policies & Practices
• 2.6. HR issues.

26. 3 MAJOR Recommendations
for nominated Compliance Officer
Management Tools
• Design & Deploy Fact Finding Book
- to manage & track whose fault - “Fault Finding Book”
Data Encryption & Security Solutions• Data Encryption & Security Solutions
- to manage & track digital data usage & security
• Physical Data Security Solutions
- to manage & track physical documents & disposal

27. Seminar
• Date: 13 September 2013. 2pm to 5pm.
• Venue: M. Hotel. Anson Road/
• Fee: S$650 per pax./ S$1,250 – 2pax.
• Early Bird: S$600 per pax / S$1,225 – 2
pax. Register & paid up before 30 August
2013
• Limited to 20 pax only.

28. Q & A
Thank You !!