Embed Size (px)
Citation preview
©2015 PDPC Singapore All Rights Reserved
Singapore’s Data Protection Law - Challenges and the Way Forward
IAPP Asia Privacy Forum (5 May 2015)
©2015 PDPC Singapore All Rights Reserved
Singapore’s Personal Data Protection Act
2
©2015 PDPC Singapore All Rights Reserved
Objectives of the PDPA
3
Individual Interest Put in safeguards to protect
individuals’ data from misuse by regulating proper management of personal data.
Give individuals greater control over their personal data.
Economic Interest Strengthen position as trusted hub and choice location for data hosting and
processing activities to enhance Singapore’s overall competitiveness Facilitate cross-border transfers
Baseline Data Protection Regime
Business Interest Sets rules for organisations in
the collection, use, disclosure, and care of personal data.
Provides necessary clarity to organisations which handle personal data as part of their essential business processes.
©2015 PDPC Singapore All Rights Reserved
Individuals to be aware and have
consented to data activities
Notification Obligation
Consent Obligation
Data activities limited by
consent and purpose
Purpose Limitation Obligation
(Limiting Collection,
Use, Disclosure)
Organisations’ obligations to
care for personal data
Accuracy Obligation
Protection Obligation
Retention Limitation Obligation
Transfer Limitation Obligation
Organisations’ accountability to
individuals
Openness Obligation
(Accountability and
Challenging Compliance)
Access and Correction Obligation
Technology-neutral Principles-based
4
Complaints-based Regime
Overview of the Data Protection Regime
©2015 PDPC Singapore All Rights Reserved
PDPC’s Enforcement Framework
5
Direction/Financial Penalty not exceeding $1 million
Facilitation
Investigation
Mediation
Reasonable, proportionate and effective enforcement
regime
If organisation is in breach
©2015 PDPC Singapore All Rights Reserved
Helping Organisations Comply
6
Education and Training Workforce Skills Qualification on
the PDPA with subsidised course fee funding of up to 90%
Free E-learning programme Free briefings and annual seminars
Providing Guidance Business Checklist Advisory guidelines Guides (voluntary compliance) Informal guidance by the
Commission Business Advisors at SME
Centres
©2015 PDPC Singapore All Rights Reserved
Singapore’s Smart Nation Vision
7
©2015 PDPC Singapore All Rights Reserved
8
Singapore’s Vision for a Smart Nation
A Digital Government that:
Anticipates citizens’ needs
Builds responsive municipal & e-services
Engages citizens
Makes Singapore our home
©2015 PDPC Singapore All Rights Reserved
9
Singapore’s Data Initiatives
“Smart” housing project pilot launch in Punggol housing estate with sensors
for functions such as intelligent parking demand monitoring
Virtual Singapore, a 3D map project, to solve problems such as identifying flood-
prone areas
Data.gov.sg which has more than 8,600 publicly available datasets from 60 public agencies for research, analysis
and application development
©2015 PDPC Singapore All Rights Reserved
10
©2015 PDPC Singapore All Rights Reserved
Challenges in Data Protection
11
©2015 PDPC Singapore All Rights Reserved
12
Big Data
Challenges of Big Data
1. Risk of re-identification increases
2. Conventional data protection principles (e.g. consent, notification, purpose limitation) may not apply neatly
3. M2M, IOT increase challenges
Growth of Big Data:
By 2020, 40 zettabytes
(12.5 times of today)
©2015 PDPC Singapore All Rights Reserved
13
Cybersecurity
Cybersecurity Agency
Set up on 1 April 2015
Dedicated and centralised oversight of national cyber security functions
Educate and inform the public on securing personal data
Review of Data Protection Policies
PDPC and other public agencies constantly study and review policies as the technology landscape evolves
©2015 PDPC Singapore All Rights Reserved
14
Data activities are not
limited or confined geographically
Not all jurisdictions have data protection or privacy
regimes
Lack of regulatory harmonisation
Positive inroads amongst
jurisdictions
Regulating Cross Border Transfers of Data
©2015 PDPC Singapore All Rights Reserved
IAPP Privacy Forums
International Conference of Data Protection and Privacy Commissioners
Asia Pacific Privacy Authorities Forum
APEC Cross Border Privacy Rules
EU Binding Corporate Rules
Supporting Collaborations
Global Privacy Enforcement Network
15
©2015 PDPC Singapore All Rights Reserved
The Way Forward
16
©2015 PDPC Singapore All Rights Reserved
Engaging International Agencies to develop
international standards
Use of Personal Data
Working with Industry Leaders and Regulators
A Consultative Approach
17
Thank You
www.pdpc.gov.sg
©2015 Personal Data Protection Commission of Singapore. No part of these slides may be transmitted or reproduced, in any form or by any means, without the prior written permission of the PDPC
