The Personal Data Protection Commission in Singapore advises organisations to avoid over-collecting personal data such as NRIC numbers if it is not required for their business or legal purposes. Many businesses currently collect NRIC numbers for verification and auditing. The Personal Data Protection Act does not specify when NRIC numbers should be collected, leaving some businesses unsure of how to adjust their policies. The Commission is providing advisory guidelines and says organisations should review any processes involving personal data like NRIC numbers to ensure compliance with the new law.
California Consumer Privacy Act and the Role of IAMWSO2
This deck explores the basics of the CCPA including what CCPA is, how enterprises can prepare for it, a comparison with GDPR, and how IAM can help with CCPA and other privacy regulations.
Watch the On-Demand Webinar here - https://wso2.com/library/webinars/2019/04/california-consumer-privacy-act-and-the-role-of-iam/
California Consumer Privacy Act: What your brand needs to knowOgilvy Health
Joe Youssef provides an insightful overview of the California Consumer Privacy Act (CCPA) that will take into effect in 2020. This presentation explores the key principles of the CCPA and how brands can prepare to ensure they are compliant with the policy.
This is a presentation comparing the high level differences between the General Data Protection Regulation (GDPR) of the european union and the recently enacted California Consumer Privacy Act (CCPA). The presentation covers topics such as recent events in data privacy, who must comply with the laws, what is considered personal information, and requirements that organizations must follow under both laws.
California Consumer Privacy Act - What You Need To KnowTokenEx
The California Consumer Privacy Act (AB 375, or CCPA for short) is a law passed by California’s state legislature in June of 2018. The new law will likely have major implications for organizations that obtain, process, or store the personal data of any California resident.
California Consumer Privacy Act and the Role of IAMWSO2
This deck explores the basics of the CCPA including what CCPA is, how enterprises can prepare for it, a comparison with GDPR, and how IAM can help with CCPA and other privacy regulations.
Watch the On-Demand Webinar here - https://wso2.com/library/webinars/2019/04/california-consumer-privacy-act-and-the-role-of-iam/
California Consumer Privacy Act: What your brand needs to knowOgilvy Health
Joe Youssef provides an insightful overview of the California Consumer Privacy Act (CCPA) that will take into effect in 2020. This presentation explores the key principles of the CCPA and how brands can prepare to ensure they are compliant with the policy.
This is a presentation comparing the high level differences between the General Data Protection Regulation (GDPR) of the european union and the recently enacted California Consumer Privacy Act (CCPA). The presentation covers topics such as recent events in data privacy, who must comply with the laws, what is considered personal information, and requirements that organizations must follow under both laws.
California Consumer Privacy Act - What You Need To KnowTokenEx
The California Consumer Privacy Act (AB 375, or CCPA for short) is a law passed by California’s state legislature in June of 2018. The new law will likely have major implications for organizations that obtain, process, or store the personal data of any California resident.
The CCPA is set to be the toughest privacy law in the United States and a trailblazer for future state and potentially federal legislation. The Act expands the rights of consumers and requires businesses falling within its scope to be significantly more transparent about how they collect, use, and disclose personal information. Any business in scope are required to enhance their data management practices, expand their individual rights processes, and update their privacy policies by the 2020 deadline.
This webinar will review:
-10 step plan to reach CCPA compliance by the end of the year
-Key areas still under discussion and feedback from open forums
-How enforcement will work; private action and regulator enforcement
These are the top questions we are asked about the CCPA along with our recommendations based on our experience working with clients.
We reveal key innovations and approaches for CIOs/CISOs to consider when designing their privacy operations, enabling efficiency and secure auditability when dealing with individual rights requests, consent management and more.
Questions? Contact us here: hello@truyo.com
Common Data Protection Issues in Managing M&A DealsMatheson Law Firm
This article explores the potential application of the GDPR in running a typical Irish merger or acquisition and sets out some practical guidelines on how parties to the transaction can demonstrate compliance with the GDPR requirements.
New China Data Center Helps Gigya’s Clients Manage Compliance with New Chinese Cybersecurity Law.
As businesses expand into new markets to grow their customer bases through digital initiatives, compliance with widely variable data protection and privacy regulations is now one of the key competitive differentiators between industry leaders
and losers.
Hey that's my client! Protecting client lists and confidential information wh...Mike Fourcher
Presented by Jennifer E. Novoselsky, Reyes Kurson, Ltd. at 2018 NAMWOLF Conference
A company’s client lists and related intelligence, such as risk tolerance or purchasing history, are extremely valuable and must be protected. This program will explore the application of trade secret law to client lists, provide practical steps to safeguard these lists and quickly detect misappropriation, and identify the litigation options available when a former employee pilfers the company client list and uses it to solicit clients. With a Chicago pop culture theme, the program will help you answer three critical questions: (1) Are my client lists and information protected trade secrets? (2) What steps should the company take to protect this information and our client relationships? (3) Our employee just resigned, copied our client list and is soliciting our customers – how can I stop her?
The CCPA is set to be the toughest privacy law in the United States and a trailblazer for future state and potentially federal legislation. The Act expands the rights of consumers and requires businesses falling within its scope to be significantly more transparent about how they collect, use, and disclose personal information. Any business in scope are required to enhance their data management practices, expand their individual rights processes, and update their privacy policies by the 2020 deadline.
This webinar will review:
-10 step plan to reach CCPA compliance by the end of the year
-Key areas still under discussion and feedback from open forums
-How enforcement will work; private action and regulator enforcement
These are the top questions we are asked about the CCPA along with our recommendations based on our experience working with clients.
We reveal key innovations and approaches for CIOs/CISOs to consider when designing their privacy operations, enabling efficiency and secure auditability when dealing with individual rights requests, consent management and more.
Questions? Contact us here: hello@truyo.com
Common Data Protection Issues in Managing M&A DealsMatheson Law Firm
This article explores the potential application of the GDPR in running a typical Irish merger or acquisition and sets out some practical guidelines on how parties to the transaction can demonstrate compliance with the GDPR requirements.
New China Data Center Helps Gigya’s Clients Manage Compliance with New Chinese Cybersecurity Law.
As businesses expand into new markets to grow their customer bases through digital initiatives, compliance with widely variable data protection and privacy regulations is now one of the key competitive differentiators between industry leaders
and losers.
Hey that's my client! Protecting client lists and confidential information wh...Mike Fourcher
Presented by Jennifer E. Novoselsky, Reyes Kurson, Ltd. at 2018 NAMWOLF Conference
A company’s client lists and related intelligence, such as risk tolerance or purchasing history, are extremely valuable and must be protected. This program will explore the application of trade secret law to client lists, provide practical steps to safeguard these lists and quickly detect misappropriation, and identify the litigation options available when a former employee pilfers the company client list and uses it to solicit clients. With a Chicago pop culture theme, the program will help you answer three critical questions: (1) Are my client lists and information protected trade secrets? (2) What steps should the company take to protect this information and our client relationships? (3) Our employee just resigned, copied our client list and is soliciting our customers – how can I stop her?
What to expect from the New York Privacy ActVISTA InfoSec
In the recently proposed bill of the New York Privacy Act in the House and Senate, businesses may soon have to gear up for this new data privacy law. If enforced, the law may severely impact businesses, restricting their operations in the way how they collect, use and share consumer’s personal information throughout the State.
DIRECT MARKETING UNDER INDIA’S NEW DIGITAL DATA PROTECTION LAWSpice Route Legal
Direct marketing is the promotion or marketing of a product or service directly to customers. It may be undertaken through various modes such as email or social media campaigns, or through telemarketing. There is no single law specifically regulating direct marketing in India. On August 11, 2023, India enacted the fourth iteration of its data protection bill into law, that is, the Digital Personal Data Protection Act, 2023 (“DPDPA”). The Indian government has yet to notify dates for its
enforcement. Check this PDF for detailed information:
On 25 May 2018, the EU’s General Data Protection Regulation
(GDPR) came into effect and applies to all businesses – regardless of size - operating in the U.K., as well as all businesses outside the EU that collect or process the data of EU citizens and residents.
The purpose of this document is threefold:
1: Introduce the GDPR and highlight key pieces of the legislation
that should be front-of-mind for business owners
2: Lay out a path for businesses to follow to ensure compliance
by May 2018
3: Address questions put forward by businesses that completed
our GDPR survey
Here's a short presentation on the GDPR, first presented at the Morning Advertiser MA500 event in Edinburgh on 14th September. This is an overview regulations.
Luis Alberto Montezuma provides his insight on the latest sanctions imposed by the Colombian Data Protection Authority (the Superintendence of Industry and Commerce, or SIC) for using personal data to send direct marketing without first obtaining the consent of data subjects.
Data protection is all about respecting an
individual’s right to privacy and the new data
protection regulations, currently going
through final review by the European
parliament, will provide organizations with
the momentum they need to manage their
data more effectively. But what do you need
to do in order to ensure your organization
complies with data protection legislation
while increasing customer satisfaction?
1. hot news today•Thursday11July20134
As a best practice,
organisations should
avoid over-collecting
personal data, including
NRIC numbers, where this
is not required for their
business or legal purposes.
Personal Data Protection Commission
Businesses want more
clarity on Personal
Data Protection Act
Ashley Chia
ashley@mediacorp.com.sg
SINGAPORE — The newly-enacted Per-
sonal Data Protection Act (PDPA),
which requires individuals to be in-
formed and consent gained if organi-
sations are collecting personal data,
does not prescribe the circumstances
underwhichNRICnumbersshouldbe
provided — posing a conundrum for
some organisations here as they ad-
just their policies and practices.
The collection of NRIC numbers is
a common practice among a variety
of businesses here and those which
spoke to TODAY said it serves verifi-
cationandauditpurposestoascertain
a person’s identity and they would like
more clarity on the laws.
For example, telecommunications
companies need customers’ NRIC
numbers for regulatory requirements
and some businesses ask visitors for
NRICnumbersbeforetheyareallowed
to enter secured office premises.
Responding to TODAY’s queries,
a spokesperson for the Personal Data
Protection Commission (PDPC) said
it will be publishing the final adviso-
ry guidelines to organisations before
the end of this year. It had conducted
two public consultations — one ended
in April, the other last month — after
it published an initial set of advisory
guidelines on its website.
TheActdoesnotprescribethetype
of personal information an organisa-
tion can collect. Nevertheless, the PD-
PCguidelinessaid:“Asabestpractice,
organisations should avoid over-col-
lecting personal data, including NRIC
numbers,wherethisisnotrequiredfor
their business or legal purposes. Or-
ganisations should consider whether
there may be alternatives available
that address their requirements.”
TGIF Bazaars, the operator for
Sentosa’s Boardwalk Bazaars, said
it needed vendors to produce either
their NRIC, passport, Work Pass or
business registration numbers in or-
der to secure a booth.
Its spokesman pointed out that
these identification numbers are the
“only known ways” to validate the le-
gality of a vendor’s participation and
itis“apartofourresponsibility”tore-
questforsuchinformation.Thesenum-
bersmayalsobeneededforaccounting
and audit and may also be “required”
by the authorities here, he added.
SingTel said it had several ways to
verify the identity of its customers.
Act does not prescribe the type
of personal information
an organisation can collect
“At our shops, verification is done by
checking customers’ NRIC. Another
way is to send a one-time password
to customers’ mobile phone via SMS,”
said a company spokesperson.
While it does not share person-
al information with any third-party
organisations without consumers’
expressed permission, SingTel said
NRIC numbers are collected as part
ofregulatoryrequirementswhencus-
tomers subscribe to its services.
During the PDPC’s public consul-
tation in April, some companies also
called for the commission to provide
more clarity on the use and collection
of NRIC numbers. For example, the
Singapore Press Holdings asked for
clarification on whether an individu-
al can be refused entry into secured
office premises if they object to their
NRIC card being retained.
The PDPC had previously noted
that NRIC numbers are of “special
concern” to individuals as they are
unique to each person and are used
in many official transactions with
the Government.
Government agencies and statuto-
ry boards are excluded from the law
— which was passed in Parliament in
October last year — as they are gov-
erned by internal rules, most of which
have not been made public.
Organisations have 18 months to
adjust to the Act, between January
this year and July next year, when the
rules come into force.
Under the Act, organisations must
make “reasonable” security arrange-
ments to protect personal data in its
possession or under its control in or-
der to prevent unauthorised access,
collection, use, disclosure, copy-
ing, modification, disposal or “simi-
lar risks”.
The PDPC noted that there is no
“one size fits all” solution for organ-
isations to comply with the new law
andeachorganisationshouldconsider
adopting security arrangements that
are “reasonable and appropriate in
the circumstances”.
“Organisations such as TGIF Ba-
zaarsareadvisedtoreviewtheirproc-
esses that involve personal data, in-
cludingNRICnumbers,toensurethat
they comply with the PDPA when the
act comes into effect. There is no en-
forcement during the transition peri-
od,” the PDPC spokesperson said.
concern over COLLECTION OF NRIC NUMBERS