Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Singapore to have personal data protection law this year

Zafar Anjum | March 20, 2012
Organisations worried about the extent of the law and penalties stated in a draft Bill.

A legislation to protect consumers' personal data will be tabled in Singapore Parliament by the third quarter of this year, according to local media reports.

The proposed law will protect information that identifies an individual. These include identity numbers such as NRIC and mobile phone numbers and visual identifiers.

The law will not only apply to businesses that are based in Singapore but also to 'any organisation collecting, using, disclosing, transferring and storing data' within the republic. This will clearly have repercussions for the data industry here in Singapore.

The Ministry of Information, Communications and the Arts (MICA) made the draft Bill public yesterday. In it, it has been proposed that there will be a "sunrise period" of at least 18 months after the Bill is passed. This period will be crucial for organisations to adjust and put in procedures to comply with the new regime.

The key proposals of the draft Bill, drawn up after two rounds of public consultation, are as follows:

  • Text and multi-media messages - besides calls and faxes - will be included under the do-not-call (DNC) registry.
  • Separate lists will be maintained, so consumers can choose to opt out of all modes of communication, or just one.
  • However, data already collected before the law comes into effect will be exempt. This will require that the original purpose for which the existing data was collected must not change. If it changes, consent must be obtained again.
  • Businesses can only retain data until it is no longer necessary for business or statutory purposes. After this, the data must be destroyed or made anonymous.

This new legislation will affect data collectors more than the data intermediaries. Banks and other financial institutions will be surely affected, reports say.

The enforcement of these laws will come under a data protection commission (DPC).

According to MICA, the DPC will likely be formed as a new unit under the Infocomm Development Authority (IDA).

The Business Times reported today that the inclusion of overseas companies under the new law might worry some firms. "While Mica acknowledged that the extended coverage will pose challenges to the law's implementation and enforcement, it said it will look into the feasibility of cross-border partnership with regulators overseas," the paper said in a report.

Some smaller firms are also concerned about financial penalties of up to $1 million, the report said.


1  2  Next Page 

Sign up for MIS Asia eNewsletters.