Personal data protection - building trust, recognising responsibility
SPEECH BY MINISTER FOR COMMUNICATIONS AND INFORMATION DR YAACOB IBRAHIM, AT THE OFFICIAL LAUNCH OF PERSONAL DATA PROTECTION COMMISSION AND INAUGURAL PERSONAL DATA PROTECTION SEMINAR ON WEDNESDAY, 15 MAY 2013, 1.45PM AT GRAND COPTHORNE WATERFRONT HOTEL
Keynote speaker, Mr Timothy Pilgrim, Privacy Commissioner,
Office of the Australian Information Commissioner
Members of our Boards and Committees
Ladies and Gentlemen
1. It is my pleasure to join you this afternoon at the inaugural Personal Data Protection Seminar and the official launch of the Personal Data Protection Commission.
Balancing innovation and personal data protection
2. We live in a world of possibilities. With just a tap of a finger on our mobile phones, we can now send messages to anyone on the other side of the world, update families and friends about our lives or even enjoy e-shopping in a global marketplace!
3. The Internet, cloud computing, and mobile devices allow each of us to access our data anywhere, any time. At the same time, we increasingly, wittingly or unwittingly, leave digital traces, disclosing information about ourselves to people whom we have never met; and entrusting our data without knowing where and how our personal data is being stored and processed.
4. From the businesses’ perspective, technological advances have given insights into customers’ needs, wants and behaviours. Businesses collect data to deliver personalised services and customised products. However, as these technologies become more intelligent and intrusive, there is an increasingly higher risk of consumers’ personal data being misused. Thus, we need to put in place safeguards to regulate the use of consumers’ personal data in today’s sophisticated technological landscape.
PDPA benefits consumers and businesses
5. In sum, what we need to do is to build trust – in a way that protects consumers but at the same time, recognises the responsibility that businesses have when using data for legitimate purposes. This is where the Personal Data Protection Act, or PDPA, comes in. Enacted on 2 January 2013, the PDPA aims to protect individuals’ personal data against misuse, while promoting proper management of personal data in organisations. The PDPA requires that organisations collecting, using and disclosing personal data notify their consumers of the purposes of such data activities and seek the consent of these individuals. This gives individuals better control over the disclosure of their personal information, at the same time enabling businesses to gain consumers’ trust and confidence.
6. As a baseline law, the PDPA ensures a common standard for protection of individuals’ personal data across all economic sectors, and will be administered concurrently with other sectoral legislative and regulatory frameworks in Singapore. It will also put Singapore on par with the growing list of countries that have enacted data protection laws and facilitate cross-border transfers of data, thereby helping Singapore to retain our competitive edge and strengthening our position as a trusted business hub.
Launch of public consultation on the Do Not Call Registry
7. One aspect of the PDPA that has attracted a lot of attention is the Do Not Call Registry, or DNC Registry. To ensure that the DNC Registry benefits both consumers and businesses without adding unreasonable costs and inconveniences to either party, the Personal Data Protection Commission (PDPC), Singapore’s main authority in matters relating to personal data protection and the administrator and enforcer of the PDPA, will be launching a three-week-long public consultation exercise on the DNC Registry today. The public consultation aims to seek views on the methods and requirements for number registration on the registry, as well as business operating rules and proposed charges to be levied for this service. I encourage individuals and companies to participate in this exercise.
8. The PDPC will examine the feedback received and oversee the development and operation of the DNC Registry. The Registry will come into effect on 2 January 2014, and the personal data protection requirements will come into effect on 2 July 2014.
PDPC to help organisations and individuals
9. The PDPC also undertakes public and sector-specific educational and outreach activities to help organisations adopt good data protection practices and help individuals better understand how they may protect their own personal data from misuse.
10. Over the past few months, the PDPC has engaged more than thirty associations in their outreach programmes, including the Singapore Business Federation, the Association of Banks in Singapore, and the Consumer Association of Singapore.
11. The PDPC will adopt a two-pronged approach to help organisations, in particular small-and-medium enterprises (SMEs), to comply with the Act. They are: building organisations’ capabilities and knowledge of the PDPA and personal data protection; as well as providing organisations customised advice on personal data protection in Singapore. Allow me to elaborate.
12. First, the PDPC will develop organisations’ capabilities and knowledge of the PDPA and personal data protection. Personal Data Protection Workshops will be organised by the PDPC and open for organisations and their data protection officers to register from June 2013. These workshops are expected to be conducted on a fortnightly basis.
13. The PDPC is also collaborating with other agencies to provide support. Together with SPRING Singapore, the PDPC will provide support and advice to SMEs on personal data protection matters through SPRING’s SME Centres. The PDPC is also working closely with the Singapore Workforce Development Agency to include a data protection training course under their Business Management Workforce Skills Qualifications framework. The training course is expected to be available before end 2013.
14. The PDPC also intends to organise annual conferences such as today’s seminar, to promote information exchange and the sharing of ideas and best practices by thought leaders and organisations in data protection.
15. Next, the PDPC will provide organisations customised advice on personal data protection in Singapore. Organisations that require help on adjusting their processes with the coming into force of the PDPA requirements can apply through a form on the PDPC website for customised guidance. More information on how organisations could write in to seek advice is available on the PDPC’s website.
16. In addition, the PDPC has also developed an online repository of resources to help both organisations and individuals on its website. These resources have been accessed by close to 6,000 visitors since its launch in January 2013. The public can look forward to online publications for quick tips and even an online consumer guide in the upcoming months.
17. In conclusion, I am confident that both Singaporeans and businesses in Singapore will benefit from the new Personal Data Protection regime. I hope the efforts of the PDPC will also help businesses and organisations gain greater clarity on the requirements under the Act. In closing, I would like to wish all of you a fruitful and insightful seminar today.