Parliament Sitting on 6 August 2018

QUESTION FOR WRITTEN ANSWER


*2121. Mr Melvin Yong Yik Chye: To ask the Minister for Communications and Information (a) what is the projected number of Data Protection Officers (DPO) needed in Singapore for the next five years; (b) what is the current shortfall; and (c) what is the Ministry's plan to train and deploy more DPOs.

Answer: 

Mr Speaker, it is mandatory under the Personal Data Protection Act, or PDPA, for all private-sector organisations to designate one or more individuals as a Data Protection Officer, or DPO. The DPO is responsible for ensuring that the organisation complies with the PDPA.

2 According to a 2018 survey commissioned by the Personal Data Protection Commission, or PDPC, close to 60% of private sector organisations in Singapore have appointed at least one DPO. This represents a six percentage point increase from the previous year. PDPC is studying this issue closely, with a view to increasing both the numbers and capabilities of DPOs.  

3 There are two parts to my Ministry and PDPC’s plan to train and deploy more DPOs. Firstly, we are developing and supporting training programmes for DPOs. For example, since 2014, PDPC has developed an e-learning programme for DPOs to learn about the fundamentals of the PDPA.

4 PDPC is supplementing this by rolling out more advanced training programmes to enhance DPOs’ skills. These include the Professional Conversion Programme for DPOs, which started last month, and the Practitioner Certificate for Personal Data Protection Preparatory Course, which starts in October this year. In addition, PDPC has supported the development of personal data protection-related courses to be taught at the National University of Singapore and Singapore Management University starting this academic year, through which graduates can attain professional, internationally recognised certification.

5 The second part of our strategy is to foster a collaborative environment where DPOs can learn best practices. PDPC is making Singapore a training hub for data protection professionals in the region by anchoring data protection-related events here, such as the annual Personal Data Protection Seminar hosted by PDPC. PDPC is also encouraging the formation of more communities of practice, such as AsiaDPO and the Law Society’s Cybersecurity and Data Protection Committee.

6 While we continue to grow and deepen the pool of DPOs, organisations must also do their part by appointing and supporting their DPOs. By doing so, organisations will not just comply with the PDPA, but more importantly, build consumer trust in their ability to use and safeguard personal data responsibly. 

 
MCI’s response to PQ on RuPauls' Drag Race show Parliament QAs Infocomm Media 15 Jan 19
Statement by Mr S iswaran, Minister-in-Charge of Cybersecurity, on the Government’s response to the report of the Committee of Inquiry into the cyber attack on SingHealth, during Parliamentary Sitting on 15 January 2019 Parliament QAs, Speeches Cyber Security, Personal Data 15 Jan 19
MCI’s response to PQ on measures to protect personal data of Facebook users Parliament QAs Personal Data 14 Jan 19
MCI’s response to PQ on telco operators’ call centres Parliament QAs Infocomm Media 14 Jan 19
Speech by Mr S Iswaran, Minister for Communications and Information, at the opening of Library@HarbourFront on 12 Jan 2019 Speeches Libraries 12 Jan 19
Public Report of the Committee of Inquiry (COI) into the cyber attack on Singapore Health Services Private Limited Patient Database Press Releases Cyber Security 10 Jan 19