Personal Data Protection Seminar 2015
SPEECH BY DR YAACOB IBRAHIM, MINISTER FOR COMMUNICATIONS AND INFORMATION, AT THE PERSONAL DATA PROTECTION SEMINAR 2015 ON 8 MAY 2015 AT 9.10AM AT THE RITZ-CARLTON, MILLENIA SINGAPORE, GRAND BALLROOM
Protecting personal data is important in building trust. Dr Yaacob announces an outreach effort by the PDPC and CSA to help companies protect their data from cyber threats, as well as the Law Society’s support in helping SMEs build capabilities in data protection.
Ladies and gentlemen,
Since Singapore’s Personal Data Protection Act, or the PDPA, came into effect last year, we are seeing growing awareness among organisations of their duty to protect personal data. At the same time, consumers are also becoming more discerning in the use of their personal information by organisations, and have seen the benefits of having the PDPA.
Personal Data Protection and Trust
2 We have made good progress in strengthening personal data protection across Singapore, but we cannot let up on our efforts. Singapore has embarked on a journey towards becoming a Smart Nation, and a key enabler of our ambitions is the ability to implement data analytics solutions to gain insights that will allow us to deliver more responsive services to Singaporeans. At the same time, companies are also rolling out Big Data initiatives and realising benefits in terms of greater productivity and business effectiveness.
3 Amidst this background, it is inevitable that the volume of personal data held by our companies and organisations will grow, perhaps exponentially. Data will increasingly be a key driver of business operations in our economy. Therefore, personal data protection will be increasingly critical as an enabler. Without the assurance that our information is protected, we will not be able to have confidence and trust in our organisations’ use of our personal information.
4 I am therefore encouraged to see that a majority of organisations, big and small, have taken concrete actions to implement data protection measures in their businesses. I would like to highlight, in particular, the example of Carpe Diem, a childcare service provider.
5 For those of us who are parents, I think it’s safe to say that choosing a childcare service is a significant exercise in trust – built upon the assurance that our children’s safety and security are in good hands. Carpe Diem was concerned about the risk of unauthorised disclosure of personal data of its charges and their parents. And so, it set out to review its processes following the introduction of the PDPA. It traced how information about parents and children was collected, used, and disclosed, in order to identify potential areas where data could be compromised. It then enhanced and streamlined the process to reduce the risk of compromise. In the process, it realised that it was collecting unnecessary information that it did not use, and was able to increase its productivity by cutting down redundant data entry!
6 This exercise involved some costs, but Carpe Diem saw tangible benefits that outweighed these costs. By undertaking the review, Carpe Diem was able to gain its clients’ trust in its professionalism and business processes. In a business that depends on parents entrusting their children to them, this is an important competitive advantage. I would like to urge businesses that have not already done so, to follow the examples of other companies that are reaping the benefits of implementing better data protection.
7 You have heard Keng Thai stress the importance of building up capabilities among our companies in personal data protection, and that this will be PDPC’s priority this year. I am pleased therefore to announce that PDPC will be collaborating with the Law Society of Singapore to establish a legal advice scheme to provide basic legal advice to SMEs. Through this scheme, SMEs will be able to obtain a baseline assessment of their compliance with the PDPA. PDPC and the Law Society will be launching this scheme on 1 June.
8 I would like to commend the Law Society for taking on this initiative and enlisting the legal fraternity to support the Commission in its efforts to develop our SMEs’ data protection capabilities.
9 Besides this, PDPC continues to stay committed to helping companies comply with the PDPA. This is especially so for smaller companies which may be less familiar with implementation matters. I am happy to note that PDPC is issuing guidelines to provide organisations greater clarity on the circumstances where an individual’s consent is needed for the collection, use and disclosure of personal data. PDPC will also provide companies ready-to-use templates to obtain such consent, in response to feedback from companies. From 1 June this year, more companies will also benefit from PDPC’s plan to double the number of free credits from 500 to 1,000 when companies check the Do-Not-Call Registry.
Protecting information from cyber threats
10 Besides reviewing work processes, one aspect of personal data protection – and data protection in general – that has become increasingly important and will remain so in the years to come, is IT security and protection against cyber threats. We have all read about high-profile data incidents both in Singapore and globally. Many organisations are not adequately prepared to meet this challenge, or are only just beginning to confront this threat seriously.
11 In Singapore, we are acutely conscious of the need to help our organisations enhance their IT security, especially the SMEs – which have fewer resources at their disposal. The establishment of the Cyber Security Agency of Singapore (CSA) last month is an indicator of the seriousness with which the Government views cybersecurity. One key prong of CSA’s strategy for boosting Singapore’s cyber defences is engagement and outreach to organisations, including those that collect and use personal data.
12 In this respect, I am happy to note that PDPC and the Cyber Security Agency of Singapore (CSA) will be releasing two guides for organisations today. The first provides organisations with a series of steps on how to protect personal data in electronic form, while the second is a guide on managing and responding to data breaches. Both guides will be available on the PDPC’s website beginning from today, and have been written to be simple to understand and easy to implement.
13 This is only the first step in CSA’s community outreach efforts since its establishment; CSA will be mounting a sustained effort in the coming months to partner industry in enhancing cybersecurity preparedness. On its part, PDPC will also continue to prioritise helping businesses – particularly our SMEs – protect personal data.
14 In concluding, personal data protection and cybersecurity are key factors to the success of Singapore’s Smart Nation vision. If we don’t do it right, people will not have the confidence to work with and engage our companies; on the other hand, if we succeed in creating a robust data protection framework, backed by credible data security measures, we will be able to create a trusted environment for businesses and cement Singapore’s position as a trusted global data hub.
15 This will call for a concerted effort, with close cooperation between the Government, businesses, and society. I therefore urge everyone to do their part. Together, we can help Singapore realise the benefits of better products and services, driven by effective use of data and secured by robust IT systems.
16 Thank you.