Are smaller firms more likely to breach Singapore's data protection bill?

Summary:Singapore finally passed its Personal Data Protection Act last week. Which businesses will be most affected? And will it favor the Goliaths over the Davids?

Singapore reached its first data protection milestone with the passing of the Personal Data Protection Act (PDPA) on Oct. 15, 2012.

Data protection is not foreign to Singapore businesses, with the banking, health, and telecommunications sectors already having some form of data protection legislation. However, this represents the first general data protection legislation which cuts across all industries, except the goverment.

Very quickly, the MPs in Parliament warned that big companies with resources would be able to handle the new legislation with ease but smaller ones would be faced with mounting costs. Is there any truth in such assertions?

To answer that, we only have to look back to 2004 when Singapore passed its first Competition Act. A similar piece of general legislation which cuts across all industries, the Competition Act had a transition period before enforcements took root and a number of parties were hauled up for investigation.

A brief glance at the enforcement decisions investigated reveals modelling agencies, the medical profession, foreign domestic worker agencies, bus tour companies, pest control providers, and engineering sub-contractors, were among those hauled up. The demographic suggests local small and midsize enterprises, rather than larger entities, were more susceptible to breaches of the Competition Act.

The similarities with the PDPA suggest the demographic of those vulnerable will not be any different this time around. It is not hard to figure out why--local entities have been comfortable with operating in a non-competition, regulated, and non-privacy regulated environment. The introducton of general legislation is akin to hiring a vegetarian to work in a steakhouse.

Education and consultation are cited as measures to smoothen the introduction of the PDPA, but these were also done when the Competition Act was introduced.

Will these be adequate this time around? Otherwise, a cultural shock of sorts lie in wait for many Singapore companies.

Topics: Legal, Government : Asia, Privacy, Singapore

About

Bryan is Pinsent Masons's technology media and telecommunications partner in Singapore and has practised since 1997. He advises on contracting and risk management in the areas of information systems and telecommunications, including intellectual property, data data privacy, e-commerce, cloud computing, and sourcing. Bryan also has adv... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.