One of the most common questions raised by companies wanting to find a way around the upcoming data protection legislation is whether they can simply outsource their marketing efforts to a contractor outside Singapore. This myth needs to be debunked.
The simple answer is that the loophole has been covered in the draft legislation.
As long as the personal data in question has a Singapore "link"--in that it was collected from someone physically present in Singapore or the data was located locally when it was collected--or its use or disclosure was in Singapore, the Data Protection Act will apply.
These requirements also extend the reach of the legislation to Internet sites which operate outside of Singapore but have users in the country, and organizations that process their data in Singapore. The legislation applies to companies that process data on behalf of contract clients, too.