Singapore’s Personal Data Protection Commission shifts more accountability to businesses
Singapore’s Personal Data Protection Commission (PDPC) has introduced three new initiatives which aim to promote innovation through trust by holding businesses accountable for the way they collect consumers’ personal data.
There has been a string of data breaches in Singapore in the past year.
Ahead of the one-year anniversary of the European Union’s data protection initiative GDPR, the PDPC, which was introduced in 2012, said it wants businesses to move from compliance to accountability when it comes to managing personal data.
The three new initiatives include gathering the public’s feedback on the proposed data sharing requirement, which was announced at the 2019 Mobile World Congress, a new guidebook on how the PDPC investigate data breaches and an updated guidebook on how existing data breaches are managed.
There has been a string of data breaches in Singapore in the past year as the country’s largest healthcare provider SingHealth, saw 1.5m patients’ health records stolen, including the health records of prime minister Lee Hsien Loong.
The country’s health ministry also revealed that the HIV registry data of more than 14,000 people have been continually leaked online from as far back as 2016, and that 808,201 blood donors in Singapore had their personal details exposed in January 2019, through a loophole in Health Sciences Authority's database.
“Data is a key enabler of digital transformation, but a balance must be achieved between data protection and business innovation. We are taking firm steps to position Singapore as a trusted data hub in the global Digital Economy by seeking feedback on the proposed data portability and innovation provisions, as well as testbedding data breach notification measures,” said Yeong Zee Kin, the deputy commissioner of PDPC.
“The PDPC also recognises the importance of being responsive and agile in enforcing data protection in an environment of fast-evolving data use, coupled with sweeping technological advances. Hence, the PDPC has converted its knowledge and experience in investigations to practical enforcement approaches in a Guide to Active Enforcement which businesses can refer to, and updated the Guide to Managing Data Breaches.”