Singapore finally passes personal data protection bill

Singapore finally passes personal data protection bill

Summary: Slated to become law by January 2013, the bill aims to prevent private organizations from misusing personal data, and will be enforced by regulatory bodies and financial penalties.


The Singapore parliament on Monday night finally passed the personal data protection bill that is designed to safeguard an individual's personal data against misuse. It encompasses a national Do-Not-Call registry and a new enforcement agency will be tasked to regulate the management of personal data by businesses and impose financial penalties.

In his speech, Yaacob Ibrahim, the Minister for Information, Communications and the Arts (MICA), said Singapore had adopted a sectoral approach to data protection, but there was need for a general data protection framework to ensure a baseline standard of protection for personal data across the economy.

Personal data is defined as data that relates to an identifiable individual, whether the data is stored in electronic or non-electronic form.

Singapore's personal data protection law will give individuals more control over their personal data, since they have to give consent and be informed of the purposes for which organizations collect, use, or disclose the information.

They can seek compensation for damages directly suffered from a breach of the data protection rules through private rights of action.

The Bill applies to all organizations across the private sector, but does not cover the public sector which already has its own set of data protection rules with which all public officers must comply, MICA said.

In order to tackle the issue of unsolicited telemarketing calls and messages, a National Do-Not-Call (DNC) Registry will be created by early 2014. The registry prohibits organizations in Singapore from sending specified messages to any Singapore telephone number registered with the DNC, unless the owner of the telephone number has given consent to be contacted for marketing purposes.

A Personal Data Protection Commission (PDPC) will also be set up to serve as the country's main authority on matters relating to personal data protection and enforce data protection rules. If an organization is non-compliant, the PDPC may impose a maximum financial penalty of S$1 million (US$818,150).

Companies found to have violated the data protection rule may be fined up to S$10,000 (US$8,181) per customer complaint.

To give time for businesses to adjust, the data protection law will be implemented in a phased approach, Yaacob said. It is slated to become an official Act by January next year, while enforcement is scheduled to begin mid-2014.

The minister added that a data protection law will enhance the country's competitiveness and strengthen its position as a trusted business hub. He said this put Singapore on par with others that had already enacted data protection legislation, such as Canada, New Zealand, Hong Kong, which data protection frameworks were studied by MICA.

The Singapore Data Protection Law had been a long time coming. The government's review of data protection legislation in the country was first mooted during the early 2000s and was finally completed in February 2011 to be put up for parliamentary debate.

The Bill went through three rounds of public consultations for input, conducted by MICA, where the third and final round was held in March this year and finalized on Apr. 30.

It was only last month that the proposed Personal Data Protection Act (PDPA) got its first reading in Parliament.

Topics: Privacy, Government Asia, Legal, Singapore

Jamie Yap

About Jamie Yap

Jamie writes about technology, business and the most obvious intersection of the two that is software. Other variegated topics include--in one form or other--cloud, Web 2.0, apps, data, analytics, mobile, services, and the three Es: enterprises, executives and entrepreneurs. In a previous life, she was a writer covering a different but equally serious business called show business.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Personal Data Protection

    This is GOOD. Hope all countries enact such laws. Personal Data is being misused all over especially by the telemarketing organisations to spread unwanted information that the viewer might NOT want. If the viewer wants to get information, the viewer will seek it out, but why force them to view/listen? Also, such personal data is also being misused for other purposes as well.
    P K Pal
  • Logging a report

    How can one go about reporting this case should he find his personal data being misused?