Search
Close this search box.

We are creating some awesome events for you. Kindly bear with us.

EXCLUSIVE – Strengthening the data protection ecosystem in Singapore through the work of PDPC

EXCLUSIVE – Strengthening the data protection ecosystem in Singapore through the work of PDPC

The Personal Data Protection Commission (PDPC) was established on January 2 2013 to administer and enforce the Personal Data Protection Act 2012 (PDPA). This year’s Privacy Awareness Week is happening from April 29 to May 5 and the full list of events can be found on www.pdpc.gov.sg/privacy-awareness-week-2017. The focus of the Privacy Awareness Week this year will be the importance of sharing personal data with care in today’s data-driven world where Big Data and the Internet of Things take centre stage, through the theme “Share With Care”.

OpenGov had the privilege to speak to Mr. Yeong Zee Kin (above photo), Deputy Commissioner of PDPC to learn more about his work at the organisation, the current data protection landscape in Singapore, developing the role of Data Protection Officers and more.

Could you tell us more about your role as the Deputy Commissioner of PDPC?

The PDPC is a new and small department but the scope of the Commission’s functions is growing exponentially, especially in the last 12 months when we started to issue data protection breach decisions.

As Deputy Commissioner, part of my duties would be to ensure the timeliness of our investigations and the quality of our decisions, as well as to promote the development of data protection jurisprudence.  Apart from this, I also ensure that our policies are formulated to deal with new and increasingly complex issues as technology and business models evolve, sectoral or broad-based issues identified from our cases, and that they support national initiatives such as the Digital Economy and Smart Nation, while keeping pace with international developments. These policy updates may surface as advisory guidelines, practical guidance or Act amendments.

During my tenure, it is also my goal to strengthen the data protection ecosystem in Singapore to enhance our nation’s reputation as a hub for data innovation. In order to achieve this, it is imperative that we develop the role of Data Protection Officers (DPOs) as a highly-respected profession, build in-house competency for organisations and provide peer support for the DPOs. We recognise that DPOs are important drivers in ensuring that their organisations’ personal data protection measures are adequate and compliant with the PDPA.

What are some of the initiatives and projects that are happening at PDPC now?

The PDPC will be actively reviewing the Act to keep it relevant, taking in the needs of the industry today and their anticipated needs in the near term. Some issues that we are looking into include a review of the consent-based regime, data breach notification and the introduction of a data protection certification framework.

We also want to enhance the data protection ecosystem, and will put in place additional resources to help businesses use personal data responsibly. For example, we are developing Data Protection starter kits to help SMEs kick-start data protection practices within their companies, intensifying our engagements with SMEs through Trade Associations/Chambers of Commerce/Professional Bodies and sector-specific fora, and providing more affirmative guidance through new and revised Advisory Guidelines to give certainty on what is permissible under the PDPA.

To professionalise the role of DPOs, we are developing a training and competency development framework culminating in certificates that will accord DPOs with professional recognition and equip them with the skills and knowledge to better carry out their responsibilities.

What is the current protection landscape in Singapore in the context of public and private sectors? Can you share steps being taken to ensure compliance with the Personal Data Protection Act (PDPA)?

The public sector’s framework is based closely on the same data protection principles that the PDPA is founded on, according similar levels of protection for personal data as the PDPA. There are, however, some differences in limited circumstances which are necessary to enable the public sector to carry out its regulatory and statutory functions in an effective and accountable manner.

         Our priority at present is to ensure that organisations are aware of their obligations under the PDPA and encourage their compliance with the PDPA through industry outreach and strategic communications. Such efforts started as early as in 2012, after public consultations on the proposed data protection regime and Do Not Call (DNC) Registry. We have been engaging organisations on a regular basis, largely through Trade Associations and Chambers of Commerce, and complement our outreach activities with advertisements in multiple platforms. More recently, we commissioned an info-educational series on television where various SMEs shared their organisations’ data protection policies and practices.

To better help organisations protect personal data in their care, we work with sector regulators to push out new and updated advisory guidelines, many of which are in response to issues that we discover during investigations.

Since the PDPA is a baseline legislation, how does the PDPC work with relevant sector regulators in exercising its functions?

The PDPA does not override the other sectoral laws. When there are cases related to personal data protection in those sectors, we will consult the sector regulator and work closely with them to ensure that either the sector regulator or PDPC will review the case and if the case warrants investigations, then either the sector regulator or PDPC will investigate it.

What kind of measures can be taken for protecting personal data, without stifling data availability and innovation or compromising the potential benefits from big data?

Generally, well-crafted and effective consent clauses are the pre-eminent mode of ensuring that customers’ data is respected and trust in the companies is built up. Organisations should not look at consent-taking as one-off, but make the best use of their various touch points with customers as an effective way to obtain and refresh consent for new data uses. Organisations are encouraged to keep an open policy and proactively communicate with customers, utilising the most appropriate channels available to build and maintain good communication and rapport with customers, thereby instilling customer confidence.

We recently revised our advisory guidelines on anonymisation clarifying how organisations may use and share anonymised data, thereby enabling consumers to reap the social benefits from wider use of data, all while ensuring personal data is still protected. Our plan is to progressively clarify other exceptions in the PDPA that organisations can rely on for big data and analytics.

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.