Singapore's Personal Data Protection Commission (PDPC) has issued guidelines that elaborate and provide interpretations on specific requirements and obligations under on the Personal Data Protection Act 2012 (PDPA).
The guidelines incorporated public feedback submitted from February to April 2013. The Advisory Guidelines cover Key Concepts and Selected Topics to illustrate how the PDPA applies to specific issues.
The agency hopes a better understanding of the PDPA will help organizations adjust their business processes or implement compliant data protection processes. The PDPA will come into effect from 2 July 2014.
The Advisory Guidelines on Key Concepts provide interpretation of key terms used in the PDPA. An example of a key term is “personal data” which is interpreted as all types of data from which an individual can be identified, regardless of whether such data is true or false or whether it is in electronic or other form.
The Guidelines also elaborate on the Data Protection Provisions and various obligations in the PDPA, for example, the obligation to obtain the consent of an individual before collecting, using or disclosing his personal data, and to notify the individual of the purpose of doing so.
The Guidelines also elaborate on the Do Not Call Provisons in the PDPA. Persons that wish to send specified messages to an individual with a Singapore telephone number must check with the Do Not Call Registry to obtain consent of the individual. Specified messages would include those of a marketing nature for commercial purposes. The Do Not Call Registry will be set up by the PDPC by 2 January 2014.
The Advisory Guidelines on Selected Topics elaborate on how the PDPA applies to specific issues and domains, such as data for research; collection of personal data through closed-circuit televisions; and use of NRIC numbers.
“The Advisory Guidelines aim to provide greater clarity to organizations and individuals on the provisions of the PDPA,” says Leong Keng Thai, chairman of PDPC. “For businesses, it is important that they prepare in advance and review their own operations and processes to comply with the provisions. The PDPC is also working with sectoral regulators to develop sector-specific guidelines, and will review the need to issue further guidelines to facilitate better understanding of and compliance with the PDPA obligations.”