Firms urged to join data protection certification pilot scheme

AN open call for companies to join a pilot for data protection certification was launched on Wednesday by the Infocomm Media Development Authority (IMDA) and Personal Data Protection Commission (PDPC).

The Data Protection Trustmark (DPTM) certification was announced in 2017, as part of several initiatives to ensure that the data protection ecosystem in Singapore stays up to date.

Eight companies are already undergoing the pilot programme, including Singtel, DBS Bank, RedMart and Fullerton Healthcare Group.

The certification will be officially rolled out by the end of 2018, after IMDA and PDPC finalise its process and framework following the pilot programme.

Entities certified under the DPTM scheme will be able to use and display a DPTM logo in their business communications during the three-year certification period. They will first have to apply to IMDA for the certification, after which they can select one of three independent bodies to conduct an assessment.

The assessment bodies are ISOCert, Setsco Services and TUV SUD PSB. Assessment fees, which will be paid to these bodies, start from $1,400.

In a joint statement, IMDA and PDPC said the DPTM would give entities a competitive advantage as it would allow consumers to identify organisations that have in place independently assessed data protection policies and practices.

Speaking at the 6th Personal Data Protection Seminar on Wednesday at the Raffles City Convention Centre, Minister for Communications and Information S Iswaran said that when it comes to data protection, Singapore cannot rely on laws such as the Personal Data Protection Act alone.

Organisations, he added, must develop a culture of accountability to build consumer trust.

Said Mr Iswaran, who is also Minister-in-charge of Cyber Security: "While the Government will do its part to facilitate innovative and accountable data use, we strongly encourage organisations to put in place measures to do the same."

Commenting on last week's SingHealth data breach, which was Singapore's worst cyber attack, Mr Iswaran reiterated in his speech on Wednesday that the PDPC will take into account the Committee of Inquiry's report in its assessment of any appropriate action to be taken.

He also said Singapore will not stop with its Smart Nation efforts.

"We have started our Smart Nation journey, and we will continue to move forward to seize opportunities afforded by technology even as we strengthen our systems so as to build and sustain trust that we have painstakingly built up over the years," he said.

THE STRAITS TIMES