Proposed changes to Singapore’s data protection law seek stiffer penalties for info leaks

SINGAPORE – In case of a data breach, organisations may soon be slapped with fines of up to 10 per cent of their annual gross turnover, or $1 million, whichever is higher, if proposed amendments to Singapore’s Personal Data Protection Act go through.

Currently, companies are liable for fine of only up to $1 million, but the authorities are seeking stronger deterrents for data breaches.

The stricter penalty will be aligned with the law in other jurisdictions, such as the European Union, said the Ministry of Communications and Information (MCI) and privacy watchdog Personal Data Protection Commission (PDPC) in their fourth public consultation exercise to amend the Act on Thursday (May 14).

The EU’s General Data Protection Regulation, for instance, provides a revenue-based maximum financial penalty of 4 per cent of an entity’s global annual turnover, or €20 million (S$30.7 million), whichever is the higher.

Slapping potentially higher fines in Singapore is among a list of proposed amendments to the draft Personal Data Protection (Amendment) Bill.

Other key proposed amendments on which the authorities are inviting feedback include mandating organisations to notify PDPC of data breach that involves 500 or more individuals, or that is likely to result in harm to affected individuals, as well as to notify the affected individuals themselves.

Individuals will also be able to ask for a copy of their personal data to be transmitted to another organization under a new Data Portability Obligation so that users can switch service providers easily.

This draft Bill also includes related amendments to the Spam Control Act (SCA), which has been in force since 2007. The SCA, for example, will be amended to cover commercial text messages sent in bulk to instant messaging accounts, such as WhatsApp and Facebook Messenger, to protect users from unsolicited messages. You can also read our full DNC guide to understand better.

If an individual discloses personal data in the possession or control of an organisation, he shall also be guilty of an offence, and could be fined up to $5,000 or jailed for up to two years, or both. Such penalties will align with the public sector’s internal rules for public officers who mishandle Government data.

PDPC deputy commissioner Yeong Zee Kin said in statement that the public’s trust in organisations’ management of their data is “especially important” when digital services such as e-commerce are becoming increasingly prevalent. This comes as the digital economy generates a large amount of data, including in recent weeks when many activities have moved online, he said.

“The amendments… will support our organisations’ efforts as they transform and grow in the digital economy to better serve consumers,” he added.

The public consultation on MCI’s website ends on May 28 at 5pm.

Source:

https://www.straitstimes.com/singapore/proposed-changes-to-singapores-data-protection-law-seek-stiffer-penalties

What SMEs Need To Take Note About The Potential Change to PDPA Law?

We feel that the PDPA law will definitely become stricter. With so many pdpa breaches happening every month, many SMEs still did not appoint DPO and are not PDPA Compliant at all!

Singapore government is actively reviewing the existing PDPA obligations to ensure organizations adhere to data protection best practices. Once the proposed bill has been effected, businesses that have yet to implement any data protection measures, policies and processes will find it even harder to comply.

Many SME owners have the mentality that they are “small” and that they won’t appear on the government’s radar; that the focus is only on the big boys. This is wrong because statistically, most of the enforcement cases are actually of small companies being fined sums up to SGD $20,000 and more.

Contact us if you have any questions on PDPA or need help on data protection matters! You could drop us an email at ninjas@privacy.com.sg or click the link below:

https://www.privacy.com.sg/contact-us