Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Do Not Call Registry Penalty: Important Tips To Consider

Do Not Call Registry penalty
Any act done or conduct engaged in by an employee in the course of his or her employment shall be treated as if it were done or engaged in by his employer as well as by him, whether or not it was with his employer’s knowledge or approval.

Do Not Call Registry Penalty: Important Tips To Consider

Bodies Corporate Offences

When an offence under the Personal Data Protection Act 2012 (PDPA) is committed by a body corporate, and is proved to have been committed with the consent or involvement of the officer or is due to his neglect, the officer and the body corporate shall be guilty of the offence and shall be liable to be proceeded against and punished accordingly. This would also apply in cases where the affairs of the body corporate are managed by its members.

Responsibility of an Employer for the Conduct of Employees

Any act done or conduct engaged in by an employee in the course of his or her employment shall be treated as if it were done or engaged in by his employer as well as by him, whether or not it was with his employer’s knowledge or approval. In defence, the employer may prove that it took steps to prevent the employee from doing the act or engaging in the misconduct at hand.

Powers of Investigation

Section 50(1) of the PDPA provides that the PDPC may, upon complaint or of its own motion, conduct an investigation to determine whether an organisation is compliant with the PDPA.

When a case is submitted to the PDPC, it will conduct a preliminary investigation to assess if a Do Not Call Registry penalty (“DNC Registry penalty”) offence may have been committed. If, during the preliminary investigation, the PDPC determines that a Do Not Call Registry Penalty may have been committed, the PDPC may contact the organisation to furnish documents or information.

Power to Require the Production of Documents or Information

Where the PDPC has reasonable grounds for suspecting that an offence under the Do Not Call Registry Penalty has been committed, it may require any organisation to produce specified documents or to provide specified information, by written notice. 

The PDPC is not limited to approaching an organisation suspected of infringement and/or the organisation’s officers. For example, the PDPC may approach third parties such as outsourced telemarketers, associated business agents and other affiliates. When requiring an organisation to produce a document, the PDPC may:

  • take copies or extracts from any document produced;
  • require a person served with a notice to produce the document to provide an explanation of the document produced; and
  • if the document is not produced, require a person served with a notice to produce the document (or any past or present officer or employee of that person) to state, to the best of that person’s knowledge or belief, where the document can be found.

The PDPC may also specify, in the notice:

  • the time and place at which any document is to be produced or any information is to be provided; and
  • the manner and form in which it is to be produced or provided.

If the information is not in recorded form, the PDPC may require that the information be compiled and produced to the PDPC. For example, an organisation may be asked to provide documents or information relating to several complaints of unsolicited phone calls or text messages over a considerable period.

The written notice may be addressed to individuals or organisations. If a written notice is addressed to an organisation, the appropriate person to respond is the person who is authorised by the organisation to respond on the organisation’s behalf. If a written notice is addressed to an individual, that individual must respond, and it is not acceptable for another person to respond on that individual’s behalf unless there are reasonable grounds to do so. 

The PDPC is not limited to approaching an organisation suspected of infringement and/or the organisation’s officers.

Power to Enter Premises for Inspection

The PDPC has powers enabling it to enter premises and to gain access to information, documents and equipment or articles relevant to an investigation. 

When entering any premises for inspection, the PDPC’s inspector or person assisting the inspector will identify himself by producing his Authorisation Card and evidence of his authority to enter the premises.

Please contact the PDPC’s main line at 6377 3131 (during office hours) if you require verification of an officer’s identity.

Power to Enter Premises without Warrant

The PDPC may enter into any premises without a warrant by giving the occupier of the premises at least 2 working days’ written notice of the intended entry, and indicating the subject matter and purpose of the investigation. The PDPC may also enter into any premises without a warrant and without notice if the inspector has reasonable grounds for suspecting that the premises are, or have been, occupied by an organization that he is investigating in relation to a contravention of the PDPA. The PDPC may exercise this power if the inspector has taken reasonably practicable steps to give notice to the organization but has not been able to do so. 
 
The PDPC is not limited to entering the premises of an organization suspected or infringement but may enter any premises. This includes premises of associated business partners or customers of an organization.

Also read: Top 25 Data Protection Statistics That You Must Be Informed

Power to Enter Premises under Warrant

The PDPC may apply to a District Court for a warrant authorising an inspector or officer of the PDPC named in the warrant (“named officer”) and other persons assisting the inspector or authorised in writing by the PDPC (“accompanying officers”) to enter and search any premises.

Accompanying officers may include persons such as computer technicians or forensic experts, who may carry out specific tasks under the supervision of the named officer.

The named officer and any other accompanying officers entering premises under a warrant may take with them such equipment as they deem necessary. This may include equipment that used to enter the premises using reasonable force (for example, equipment for breaking locks) as well as equipment used to facilitate a search (for example, computer equipment). 

The warrant may authorise a named officer and any other accompanying officers to:

  • enter the premises specified in the warrant using such force as is reasonably necessary;
  • search any person on the premises if there are reasonable grounds for believing that the person has in his possession any document, equipment or article related to the investigation;
  • search the premises and take copies of or extracts from any document appearing to be of the kind in respect of which the warrant was granted;
  • take possession of any document appearing to be the kind in respect of which the warrant was granted, if such action appears necessary for preserving the document or preventing interference with it, or if it is not reasonably practicable to take copies of the document on the premises;
  • take any other steps which appear necessary in order to preserve the documents or prevent interference with them;
  • require any person to provide an explanation of any document appearing to be of the kind in respect of which the warrant was granted or to state to the best of his knowledge and belief where such document may be found;
  • require any information, which is stored in any electronic form and is accessible from the premises, and which the named officer considers relates to any matter relevant to the investigation, to be produced in a form in which it can be taken away and read; and
  • remove from the premises for examination any equipment or article which relates to any matter relevant to the investigation, for example, computers or any telecommunication devices.
Where the PDPC has reasonable grounds for suspecting that an offence under the Do Not Call Registry Penalty has been committed, it may require any organisation to produce specified documents or to provide specified information, by written notice. 

Access to Legal Advice

If the PDPC exercises its powers to effect entry into the occupier’s premises, the occupier of the premises may request to consult its legal advisor.  The investigating officer, authorised person, inspector or person required by the inspector may allow this request if he thinks that the time taken for the occupier’s legal adviser to arrive at the premises is reasonable.

The exercise of the right to consult a legal advisor must not delay or impede the inspection. The investigating officer, authorised person, inspector or person required by the inspector may not wait for an external legal adviser to arrive, if the occupier has an in-house legal advisor present on the premises, or if the occupier was given prior notice of the intended entry. 

General Offenses and Penalties

It is an offence under section 51(3)(b) and (c) of the PDPA to:

  • obstruct or impede the PDPC, its inspectors or other authorised officers in the exercise of their powers or performance of their duties under the PDPA; or
  • knowingly or recklessly make a false statement to the PDPC, or knowingly misleads or attempts to mislead the PDPC, in the course of the performance of the duties or powers of the PDPC under the PDPA.

An organisation or person that commits an offence under section 51(3)(b) or (c) of the PDPA is liable to:

  • in the case of an individual, to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 12 months or to both; and
  • in any other case, to a fine not exceeding $100,000.

Do Not Call Registry Penalty

Any organisation that breaches the Do Not Call Registry Penalty provisions in the PDPA is liable to a fine of up to $10,000 per offence.

In appropriate cases, the PDPC may compound the offence for a sum of up to $1,000. Whether composition is offered and the amount of composition will be decided by the PDPC based on the facts of each case.

Also read: 12 brief explanation about the benefits of data protection for business success

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us