This document provides information about a seminar on compliance with Singapore's Personal Data Protection Act (PDPA) 2012. It summarizes the speaker's background working for multinational companies and now owning his own PDPA consultancy business. The seminar will cover what is personal data under the PDPA, the obligations and penalties for non-compliance, how the act applies to different industries and business models, and recommendations for tools an organization's compliance officer can use to manage PDPA requirements. The seminar will be held on September 13 from 2-5pm at M Hotel with early bird rates available before August 30 for those who register and pay in advance.
Highlights of the Singapore Personal Data Protection Act 2012
1. DAVID HK Lim MBA CEHA
HP: 82886878
Email: davidlim@sgpersonaldataprotection.com
www.SGPDPA2012.com
2. Profile – Short Version
Previously worked for MNCs
- NMB, McDonald’s, Seagate, Maxtor & Sony
Production, Program Mgt & Business
Development
-Asia Pacific, Middle East & South Africa
Own Business
- Database Mining Consultancy
- Real Estate Agency License
- PDPA Seminars & Workshops
3. HIGHLIGHTS
Singapore Personal Data Protection Act 2012
Contents
1) About SG PDPA Compliance
2) What is Privacy ?
3) What is the Purpose & Why ?
4) Penalties for non-compliance ?
5) 9 Organisation Obligations
6) Do Not Call Registry
7) Summary of PDPA Compliance Framework
8) 3 Major Recommendations – Management Tools
9) Seminar on 13 Sept 2013, 2pm to 5pm, M. Hotel
4. Seminar – Overview
Just 4 Steps
Systematic Approach
Understanding & Compliance
Singapore Personal Data Protection Act 2012
13 September 2013, 2pm to 5pm, M.Hotel
David HK Lim
SG PDPA Compliance Resources Centre
5. Seminar Overview
Singapore Personal Data Protection Act 2012
Contents Outline
1. What is PDPA 2012
2. Data Protection Provisions
- General Rules / Collection, Uses & Disclosure
- Access & Correction / Care of Personal Data
3. Do Not Call Provisions
4. Offences, Penalties & Civil Action
5) Summary outline of PDPA Compliance Framework
6) Ten Major Elements of an Effective Compliance
Program.
6. One Stop PDPA Solutions
• Provides One Stop PDPA Solutions
• Work with Professionals, Experts, Businessmen,
Lawyers, IT Data & Security, Others in PDPA
Compliance solutions
• PDPA Compliance Marketing Consultancy
• Conducts PDPA Seminars & Training Workshops
• Provides training for jobs as PDPA Compliance Officers
& Managers
• Supply PDPA trained personnel to companies
• Offer PDPA solutions in IT Data Security & Management
Systems
• SOP PDPA Compliance Manuals by Industry
8. Your company MUST comply if it:-
a) hires any employees
b) sells directly to individuals
c) collects personal data for business
d) deploys cold calls, SMS or fax marketing.
• You must appoint ONE Compliance Officer.
• The penalty for non-compliance is up to S$1 million.
• You cannot SMS, Cold Call or Fax to those registered with
Do-Not-Call registry list provided by the government.
• The penalty for DNC non-compliance is S$10,000
9. B2B / B2C / M2M
• B2B – Business to Business
- Not applicable
• B2C – Business to Consumer
- Applicable
• M2M – Machine to Machine
- Applicable ?
10. Under this SG PDPA Act 2012 -
Organisation means
• Companies & Businesses
• Sole Proprietors
• Organisations, Societies & Associations
• Churches, Temples & Religious bodies
• Even Individuals included
• All – as long as Personal Data is involved
- Online, On Record – Digital or Physical
11. WHO ARE THE MAIN PERSONNEL INVOLVED IN PDPA
COMPLIANCE? AND WHY?
• Top Management – Chairman, CEO, MD, & Biz Owners.
- Why ? The Penalty up to S$1 million for non-compliance.
• Human Resources / Compliance - Team
- Employees Data / Legal Counsel / Compliance Policies.
• Sales & Marketing – Do Not Call provisions (DNC)
• Comply with SMS, Cold Calls & Fax regulations.
• Penalty S$10,000 for organisation.
• IT – Data Security & Management
• Internal threats - Secured & authorised access
• External threats – Firewall & Cloud Computing
• Legal / Contract Laws involving different countries
- eg, EU & Singapore
- More than 50 countries already have PDPA laws & growing.
12. 4 Types of Privacy
• Physical
• Communications
• Spiritual / Intellectual
• Information / Data
13. Type 4 - Information / Data
- Name
- Identity
- Photo
- Income
- Ethnic Group
- Gender
- Age
- Marital Status
- Educational Level
14. What is PDPA about?
• Singapore Personal Data Protection Act
2012
• Passed by parliament on 15 October 2012
• Governs the Collection, Uses &
Disclosure and Retention & Disposal of
Personal Data
• Becomes Law on 2 January 2013.
15. What is the purpose of PDPA ?
• Safeguard individuals' personal data
against misuse
• Individuals have control over their data
• Complement sector-specific framework
• Enhance Singapore’s competitive
advantages - data hosting & management
• To be consistent with international
standards
• Complaints based approach
16. What is Personal Identifiable
Information?
• Individually identifiable information, eg Name,
NRIC, passport, photo, credit card, bank
account, DNA, Thumbprint, mobile number,
personal email, etc.
• Any set of matching data, eg name, address,
age, telephone number, occupation, etc.
- Example 1: NRIC or Photo or Credit Card - YES
- Example 2: Name only. Mary Tan alone – NO.
- Example 3: Name with address. Mary Tan, Blk 123,
Yishun St. 61, 01-123 - YES
17. MAJOR METHODS
PERSONAL DATA COLLECTION
• 1) LUCKY DRAWS - RETAIL
• 2) SURVEY FORMS - INSURANCE
• 3) JOB APPLICATIONS – HR
• 4) PHOTOCOPY NRIC - REGISTRATION
• 5) ONLINE MEMBERSHIPS – INTERNET
• 6) COOKIES – EMBEDDED SOFTWARES
• 7) WARRANTY CARDS – SERVICE CENTRES
• 8) “HACKING” – ESPIONAGE
18. 4 MAIN COMPONENTS OF PDPA
MUST REMEMBER & TO COMPLY
• 1) COLLECTION & CONSENT
• 2) USES & DISCLOSURE
• 3) RETENTION & DISPOSAL
• 4) DO NOT CALL REGISTRY
Personal Data of -
• Employee’s personal data (HR Dept)
• Customer’s personal data (individuals)
19. 2 Examples – By Industries
Why must comply?
Example 1: SPAs
• HR Dept. Employees Personal Data involved
• Customers Contracts. Customers Individual Personal
Data involved.
• Telemarketing / SMS. Individual Personal Data involved
– name / mobile or telephone number
Example 2: Leisure Cruises – many countries.
• HR Dept. Employees Personal Data involved
• Members. Customers individual Personal Data involved.
• Telemarketing / SMS / Fax. Individual Personal Data
involved – name / mobile or telephone number
• Transfer of Personal Data – different port of call.
20. Take Note: 3 Penalties of PDPA
• 1) No Compliance Policy
- Penalty for organisation up to S$1 Million
• 2) Non-Compliance Access & Correction
- Penalty S$5,000 + Jail Term 12 months
• 3) Violation of Do-Not-Call provision
- Penalty S$10,000 per violation
21. 9 Obligations ALL Organisations
MUST Comply
• 1) The Openness Obligation.
• 2) The Consent Obligation.
• 3) The Purpose Limitation Obligation.
• 4) The Notification Obligation.
• 5) The Access and Correction Obligation.
• 6) The Accuracy Obligation.
• 7) The Protection Obligation.
• 8) The Retention Limitation Obligation.
• 9) The Transfer Limitation Obligation.
22. National Do-Not-Call Registry
• “STN” : Singapore Telephone Number
• Beginning with 3, 6, 8 or 9
• “Specified Message” relating to supply,
promote of goods & services, land,
business opportunity, obtaining
information, etc
• Either Sender or Receiver in Singapore
23. What is National Do Not Call (DNC)
registry about & coverage?
• Opt Out option for individuals NOT to receive
any direct marketing
• Applicable to 3 registries -
a) Telephone Registry: Voice calls (cold calls)
b) Text Registry: SMS (text message)
c) Fax Registry: Fax
• Direct Mailing (postal mailing) not included
• Email is not included
25. Summary of PDPA Compliance
Framework
• 1. Appointment of Data Protection Compliance
Officer
• 2. PDPA Compliance System
• 2.1. Data Protection Policy
• 2.2. Compliance with 9 Organisation Obligations
• 2.3. Compliance with the Do Not Call Provision
• 2.4. Handling Complaints
• 2.5. Communication of Policies & Practices
• 2.6. HR issues.
26. 3 MAJOR Recommendations
for nominated Compliance Officer
Management Tools
• Design & Deploy Fact Finding Book
- to manage & track whose fault - “Fault Finding Book”
• Data Encryption & Security Solutions
- to manage & track digital data usage & security
• Physical Data Security Solutions
- to manage & track physical documents & disposal
27. Seminar
• Date: 13 September 2013. 2pm to 5pm.
• Venue: M. Hotel. Anson Road
• Fee: S$650 per pax./ S$1,250 – 2pax.
• Early Bird: S$600 per pax / S$1,225 – 2
pax. Register & pay before 30 August
2013
• Limited to 20 pax only.