Singapore’s Personal Data Protection Commission shifts more accountability to businesses

The three new initiatives include gathering the public’s feedback on the proposed data sharing requirement, which was announced at the 2019 Mobile World Congress, a new guidebook on how the PDPC investigate data breaches and an updated guidebook on how existing data breaches are managed.

There has been a string of data breaches in Singapore in the past year as the country’s largest healthcare provider SingHealth, saw 1.5m patients’ health records stolen, including the health records of prime minister Lee Hsien Loong.

The country’s health ministry also revealed that the HIV registry data of more than 14,000 people have been continually leaked online from as far back as 2016, and that 808,201 blood donors in Singapore had their personal details exposed in January 2019, through a loophole in Health Sciences Authority's database.

“Data is a key enabler of digital transformation, but a balance must be achieved between data protection and business innovation. We are taking firm steps to position Singapore as a trusted data hub in the global Digital Economy by seeking feedback on the proposed data portability and innovation provisions, as well as testbedding data breach notification measures,” said Yeong Zee Kin, the deputy commissioner of PDPC.

“The PDPC also recognises the importance of being responsive and agile in enforcing data protection in an environment of fast-evolving data use, coupled with sweeping technological advances. Hence, the PDPC has converted its knowledge and experience in investigations to practical enforcement approaches in a Guide to Active Enforcement which businesses can refer to, and updated the Guide to Managing Data Breaches.”