What Legislation Exists in Singapore Regarding Data Protection and Security?

Individuals and organisations alike must learn what legislation exists in Singapore regarding data protection and security; it is not optional.

Before even thinking about what legislation exists in Singapore regarding data protection and security, it’s crucial to first learn the definitions of the key terms used in this article.

What is Personal Data?

Singapore’s Personal Data Protection Commission defines personal data as any data about an individual who can be identified from that data. Note that this data can be either true or not. All personal data in Singapore is protected under the Personal Data Protection Act 2012 (PDPA).

It’s important to note that although we tend to use the phrase “sensitive personal data” in reference to some data, the PDPA does not expressly distinguish between specific categories of personal data.

How the Personal Data Protection Act Came into Fruition

With data being collected, used, and shared through every possible avenue, it’s no surprise that concerns about privacy eventually grew to a crescendo.

Consequently, a data protection regime became a necessity in order to govern the collection, use, and disclosure of personal data. The presence of such a regime does not only assure that the provisions are implemented; it also mollifies the growing concerns of individuals about their data privacy.

3 Concepts on What Legislation Exists in Singapore Regarding Data Protection and Security

In dealing with data privacy laws, the PDPA takes into account the following concepts:

  • Consent – Organisations may collect, use, or disclose personal data only with the individual’s knowledge and consent (subject to some exceptions);
  • Purpose – Organisations may collect, use, or disclose personal data in a manner fitting for the circumstances, and only if they have informed the individual of the objectives of the collection, use, or disclosure; and
  • Reasonableness – Organisations may collect, use, or disclose personal data only for reasons that a reasonable person would consider appropriate in the given circumstances.

So What Legislation Exists in Singapore Regarding Data Protection and Security? 5 Regulations, and Then Some

While the Personal Data Protection Act 2012 is the principal data protection legislation in Singapore, there are 5 other regulations issued under the PDPA.

These are:

  • The Personal Data Protection Regulations 2014 – also known as ‘PDP Regulations’, which set out the requirements for transfers of personal data out of Singapore
  • The Personal Data Protection Regulations (Composition of Offences) 2013
  • The Personal Data Protection Regulations (Do Not Call Registry) 2013
  • The Personal Data Protection Regulations (Enforcement) 2014; and
  • The Personal Data Protection Regulations (Appeal) 2015

Additionally, the Personal Data Protection Commission (PDPC) has issued a number of advisory guidelines which paint a clearer picture of how to interpret the PDPA.

If you want to learn more about the specifics of each regulation, head over to the PDPC website to check out the detailed scope of these regulations.

Other Supplementary Legislation

In discussing what legislation exists in Singapore regarding data protection and security, we also need to cover other subsidiary legislation included under the PDPA.

These are:

  • Personal Data Protection (Statutory Bodies) Notification 2013
  • Personal Data Protection Act 2012 (Commencement) Notification 2014
  • Personal Data Protection (Prescribed Law Enforcement Agencies) Notification 2014
  • Personal Data Protection (Prescribed Healthcare Bodies) Notification 2015, and
  • Personal Data Protection (Amendment) Regulations 2020

After asking what legislation exists in Singapore regarding data protection and security, the next question to ask is: what can we do within our own organisations to make sure we follow these provisions well?

Bottom line, besides wanting to avoid the hefty fine and jail time waiting for us should we violate the PDPA rules, we should also strive to build credibility among our clients and partners.

Privacy Ninja
