PDPC issues guides, seeks public feedback to boost Singapore firms' data accountability, data innovation

ORGANISATIONS can now respond to data breaches more confidently and be more accountable in how they manage personal data, thanks to two guides by Singapore’s Personal Data Protection Commission (PDPC).

The commission on Wednesday introduced a new Guide on Active Enforcement for organisations to shift from compliance to accountability, as well as an updated Guide to Managing Data Breaches 2.0 to enable organisations to manage and respond to data breaches more effectively.

Accountability includes companies taking responsibility for how they use data collected from individuals, and proactively implementing measures to safeguard such data.

The new Guide on Active Enforcement articulates the PDPC’s practical enforcement approaches when dealing with data breaches. It also includes examples and clarifications to address common queries from companies, such as policy considerations by the PDPC when deciding to initiate or discontinue an investigation, as well as financial penalty assessment factors.

As for managing data breaches, organisations should have in place monitoring measures for early detection and warning for possible breaches, and a data breach management plan for reporting and assessing a data breach, according to the PDPC’s updated Guide to Managing Data Breaches 2.0.

The updated guide also sets out the steps that organisations can take in responding to a data breach.

PDPC on Wednesday also started a public consultation - open for six weeks until July 3, 2019 - to seek views on proposals to introduce data portability and data innovation provisions in the Personal Data Protection Act 2012 (PDPA).

The proposed data portability provision will provide individuals with greater control over their personal data and give organisations greater access to more data to facilitate data flows and increase innovation, while the proposed data innovation provision makes it clear that organisations can use data for appropriate business purposes without individuals’ consent.

The two guides and public consultation were announced by PDPC's deputy commissioner, Yeong Zee Kin, at the Know Ahead to Stay Ahead – Leadership’s Engagement in Data Protection event co-organised by the PDPC and Singapore Business Federation, and supported by the Law Society of Singapore.

The commission said in a press statement: “Organisations are urged to consider taking up this approach as this will allow them to respond to data breaches confidently and prepare for the PDPC’s planned introduction of a mandatory breach notification in its upcoming Act Amendment.”