Singapore seeks input for data protection law

SINGAPORE--The country took another step toward a data protection law regime after the Ministry of Information, Communications and the Arts (MICA) set up an online consultation platform to consolidate public feedback on the scope--data management rules and enforcement regulations, among others--the legislation should have.

According to a press release issued by MICA, the online consultation platform was turned on Tuesday and will stay open until 5p.m. on Oct. 25. Citizens are asked to provide feedback on the scope of coverage the Data Protection Bill should encompass, the proposed data management rules for organizations, penalty and enforcement rules as well as transitional arrangements for organizations before the law is enforced, the ministry stated.

It noted that the proposed data protection framework aims to protect consumers' personal data through regulation of the collection, use, disclosure, transfer and security of personal data.

"MICA hopes to introduce a basic, broad-based data protection law applicable to private organizations, to create a balance between the need to protect individuals' personal data vis-à-vis the need for organizations to use the data for legitimate and reasonable purposes," the ministry stated.

Lui Tuck Yew, then-Minister for the Information, Communication and the Arts, had noted in February that the proposed law was designed to curb excessive and unnecessary collection of individuals' personal data by businesses, and to include requirements such as obtaining the consent of individuals to disclose their personal information.

Additionally, the Singapore government is also seeking consumers' opinion on the feasibility of setting up a national "Do-Not-Call Registry", in which consumers will be able to register their phone numbers to indicate their wish to opt out of unsolicited telemarketing calls or short message service (SMS).

Bryan Tan, director at Keystone Law and a ZDNet Asia blogger, noted in his blog post Wednesday that an "eye-catching point" of the proposed data protection framework was that government use of consumer information was not covered in the proposed law. This, he explained, was because there were already "internal procedures" in place.

Also, there will be a one- to two-year transitional period for companies to comply with the legislation once it is passed, and the proposed Data Protection Commission has powers to impose fines of up to S$1 million (US$807,800) on offenders, Tan pointed out.

While Singapore's data protection law has been in the works for several years, other Asian economies such as Malaysia and India have already passed their respective laws. Malaysia's Personal Data Protection Act came into effect in April last year, nine years after the bill was first drafted in 2001, while Clause 43A of the Indian IT (Amendment) Act 2008 protects the privacy of Indians and has provisions for the punishment of a breach in the disclosure of personal information.

In September 2007, the Indian government also enacted the country's Do-Not-Call directive, allowing subscribers to list their landline and mobile numbers under the National Do Not Call database to opt out of receiving unsolicited commercial communications including SMS.