Help for SMEs on personal data protection

THE government on Friday announced measures to help companies, particularly small and medium-sized enterprises (SMEs), understand the Personal Data Protection Act (PDPA), which has been in force since July 2, 2014.

Minister for Communications and Information Yaacob Ibrahim announced at a personal data protection seminar that the Personal Data Protection Commission (PDPC), the watchdog body for data protection in Singapore, will collaborate with the Law Society to establish a legal advice scheme to help SMEs on matters related to personal data protection.

From June 1, the scheme will provide SMEs with basic legal advice on compliance with the PDPA at a preferential fixed charge of S$500. During the one-hour consultation, a lawyer assigned by the Law Society will review a PDPA checklist (completed prior to the consultation) with the SME.

The lawyer will make an initial assessment on whether the SME has complied with the PDPA provisions and will advise on possible next steps such as the need for additional legal services or consultation.

Dr Yaacob also announced that the PDPC and the Cyber Security Agency of Singapore (CSA) have released two guides. The first provides organisations with a series of steps on how to protect personal data in electronic form while the second is a guide on managing and responding to data breaches. Both guides are available on the PDPC's website and have been written in a simple manner that is easy to understand.

Also from June 1, the PDPC will double the credits for free checking of the Do Not Call (DNC) registry from the current 500 to 1,000. With the new measure PDPC expects that more than 80 per cent of the organisations checking numbers with the DNC registry will not need to pay.

A PDPC spokesman noted that in a consumer survey conducted by the PDPC this year, about nine in 10 consumers who have signed up for the DNC Registry experienced a drop in the number of telemarketing messages received over the past year.

More organisations have been registering accounts on the DNC registry to check their telemarketing numbers, in order to comply with the DNC provisions. The average monthly number of new organisation accounts registered in the past six months (November 2014 to April 2015) has been about 90 organisation accounts per month.

There have been about 440 data protection-related complaints received by PDPC since the PDPA took effect 10 months ago. About 230 complaints have been successfully facilitated or found not to require further action.

Another 70 are still undergoing facilitation. About 140 complaints are under investigation of which less than 10 complaints relate to unauthorised data disclosure.

PDPC recently conducted two surveys with organisations and consumers, and the findings showed that organisations were aware of the need to comply with the PDPA. More than 80 per cent of organisations had some measures in place to comply with the PDPA.

The survey also showed that more than 80 per cent of organisations believed that the PDPA would help strengthen Singapore's position as a trusted hub and choice location for data hosting and management activities.

Among individuals, more than 80 per cent agreed that with the Act, consumers had better control over their personal data. Close to 80 per cent of consumers felt that the Act was effective as more organisations had been seeking consent when collecting personal data.


This article was first published on May 9, 2015.
Get The Business Times for more stories.