Close

HEADLINES

Headlines published in the last 30 days are listed on SLW.

Data breaches: Stiffer fines, mandatory notification proposed

Data breaches: Stiffer fines, mandatory notification proposed

Source: Straits Times
Article Date: 06 Oct 2020
Author: Lester Wong

Changes to Act seek to give consumers more assurance on how personal data is protected.

A company found guilty of a data breach can be fined up to 10 per cent of its annual turnover in Singapore, under a change in the law that protects personal data.

The stiffer fine, however, will be imposed only on companies with an annual turnover that exceeds $10 million. Currently, the maximum a company can be fined for a data breach is $1 million.

The proposed amendment to the Personal Data Protection Act was introduced in Parliament yesterday by Minister for Communications and Information S. Iswaran to strengthen data protection standards and enforcement.

Other prospective changes include making it mandatory for organisations to notify the Personal Data Protection Commission of data breaches that are likely to harm the affected individuals.

Also, it is mandatory that they notify those affected so that the individuals can take steps to protect themselves where possible, such as changing their passwords or cancelling their credit cards.

The Bill seeks to give consumers greater confidence and assurance about the way their personal data is safeguarded, and also how its use is being enabled in a responsible way in Singapore's economy, said Mr Iswaran. "Key to this are the requirements in terms of the accountability... of enterprises or other entities who are collecting information for its use, and the enforcement measures and other tools available to regulators to ensure compliance," he added.

"We also want to give businesses greater certainty as to what they need to do to ensure that they are meeting their obligations... and in the event that an incident were to occur, what measures and steps they need to take."

The Personal Data Protection (Amendment) Bill, which was among four Bills introduced in Parliament yesterday, also allows organisations to collect, use or disclose personal data without the consent of individuals in circumstances classified as "legitimate interests".

Such situations include using the data from security cameras or other Internet of Things devices to help in investigations or legal proceedings, or to recover/pay a debt.

Under the Bill, consumers must also be allowed to opt out of having their personal data used by companies, such as e-commerce platforms Amazon and Shopee, to recommend specified items. Such recommendation engines typically analyse customers' browsing habits or previous purchases, for example, to automatically suggest items they would be more likely to buy.


HELPFUL FOR BUSINESSES TOO

We also want to give businesses greater certainty as to what they need to do to ensure that they are meeting their obligations... and in the event that an incident were to occur, what measures and steps they need to take.

COMMUNICATIONS AND INFORMATION MINISTER S. ISWARAN, on the Personal Data Protection (Amendment) Bill.

Source: Straits Times © Singapore Press Holdings Ltd. Permission required for reproduction.

Print
1505

Theme picker

Latest Headlines

No content

A problem occurred while loading content.

Previous Next
201016-1101_ECCMoots_SAL_BB

Terms Of UsePrivacy StatementCopyright 2020 by Singapore Academy of Law
Back To Top