By Fredericka Argent

On 2 January 2013 the new Personal Data Protection Act  (PDPA) came into force in Singapore, following its enactment by the Singaporean Parliament on 15 October 2012.  A December press release also announced that Singapore’s government has also now established a Personal Data Protection Commission (PDPC) and a Data Protection Advisory Committee (DPAC) to administer and advise, respectively, on the new law.

The PDPA is intended to govern the collection, use and disclosure of personal data by organizations. Some of the key features of the new law include:

  • Data protection rules. Well-known concepts and principles of data protection law, as implemented in a variety of jurisdictions across the globe, also appear to be reflected in the new Singapore law.  For example, the law appears to require organizations to limit the purposes for which they process data, and to collect data only to the extent it is reasonably required.  Individuals also appear to gain certain rights, such as the ability to request access to data relating to themselves.
  • The establishment of a “Do Not Call” (“DNC”) Registry. The new DNC Registry will enable individuals to register their Singapore telephone numbers in the registry in order to opt out of receiving unsolicited marketing calls, text and fax messages.

It is also interesting to note that the new law:

  • Does not appear to introduce any mandatory data breach notification requirement; and
  • Provides the PDPC the power in certain circumstances to fine an organization up to Singaporean $1 million for breach of the PDPA.

The PDPA will be implemented in stages, in order to provide organizations with time to adjust to the new rules. In particular, many of the provisions setting out the new data protection rules are expected to come into force after a transition period of approximately 18 months, and the DNC registry provisions are expected to come into force in early 2014.  During this transition period, the PDPC will work to educate organizations on how to comply with the incoming PDPA regulations.