|
|
|
To prepare workers for the Digital Economy, it is imperative that they acquire new skills, which can lay the foundation for new career choices.
|
|
|
Yeong Zee Kin,
Deputy Commissioner, PDPC
|
|
|
Hello Great Expectations,
Meet Accountability
For whom, for what outcomes and why it matters to DPOs.
(Article contributed by AsiaDPO)
Read More
|
|
A DPTM Story:
Helping People in Crisis
The Data Protection Trustmark (DPTM) is part of New Hope
Community Services’ data governance priority, enabling it
to strengthen public trust in the social services space.
Read More
|
|
|
Announcements
|
|
|
|
The Institute of Internal Auditors Singapore has invited
the PDPC to address the governance challenges posed
with the emergence of artificial intelligence (AI). We
will share how the PDPC’s Model AI Governance
Framework helps organisations deploy responsible AI,
through considerations and measures that can address
potential risks within the organisation’s corporate
governance, risk management, operations
management and customer relationships.
|
|
|
NTUC LearningHub, in partnership with Employment
and Employability Institute and the PDPC, has
launched four new data protection-related courses
for DPOs, based on the PDPC’s Data Protection
Competency Framework and Training Roadmap.
|
|
|
|
|
New Resources
|
|
|
|
|
The Guide to Notification now includes a section on
key considerations in developing notifications and new
examples, including dynamic consent and just-in-time
notifications.
|
|
|
Chapter 6 on "Organisations" and chapter 15 on
"Access and Correction Obligations" have been
revised in the Advisory Guidelines on Key Concepts in
the PDPA.
|
|
|
A new chapter on "Cloud Services" has been added
into the Advisory Guidelines on the PDPA for
Selected Topics.
|
|
|
|
|
Commission's Decisions
Dec 2019
|
|
|
| ● |
A financial penalty of $60,000 was imposed on Learnaholic
for failing to put in place reasonable measures to protect
the personal data of students, students’ parents and staff
of various schools.
|
| ● |
A financial penalty of $6,000 was imposed on i-vic
International for failing to put in place reasonable security
arrangements to protect the personal data of individuals
which it had processed on another organisation’s behalf.
i-vic as the data intermediary did not put in place diligent
and properly scoped testing of software which led to the
disclosure of personal data of individuals via email.
|
| ● |
A financial penalty of $12,000 was imposed on The Travel
Corporation (2011) for breaches of the PDPA. The
organisation failed to appoint a data protection officer and
did not put in place reasonable security arrangements to
protect its customers’ personal data stored in portable
storage devices.
|
| ● |
Directions, including a financial penalty of $8,000, were
imposed on Chizzle for failing to put in place reasonable
security arrangements to protect the personal data of users
of its mobile application. The organisation was also directed
to develop an IT security policy, review and revise its
developmental processes in order to adopt a data
protection by design approach for future enhancements
to its mobile application.
|
| ● |
Global Outsource Solutions was found in breach of
the PDPA for failing to put in place reasonable security
arrangements to protect the personal data collected by
its website and for failing to develop and implement data
protection policies. This resulted in the disclosure of
personal data of customers on the organisation’s online
warranty registration portal. Global Outsource Solutions
was directed to develop and implement policies for data
protection and staff training in data protection, and to put
all employees handling personal data through such training.
|
| ● |
A financial penalty of $8,000 was imposed on Honestbee
for failing to put in place reasonable security arrangements
to protect the personal data of individuals. The data of
about 8,000 individuals was stored in the cloud without
access restrictions.
|
| ● |
Saturday Club was found in breach of the PDPA for failing
to put in place written policies and practices necessary to
ensure its compliance with the PDPA. Saturday Club was
directed to put in place a data protection policy to comply
with the provisions of the PDPA and to conduct training to
ensure its employees are aware of and comply with the
requirements of the PDPA.
|
|
|
|
Read more Commission's Decisions here
|
|
|
|
Help and Resources for DPO
|
|
|
Use the free online self-assessment tool to gauge your organisation’s level of compliance with the PDPA.
|
A free-to-use tool for generating basic data protection
template notices to help your organisation inform your
stakeholders on how their personal data is managed.
|
A listing of information on DP consulting services,
legal advisors for personal data protection, data
protection training providers, data protection
solutions, outsourced DPO functions service providers
and cyber security services.
|
|
|
|
|
If you want to reach out, please contact us online or call +65 6377 3131.
|
|
If you wish to unsubscribe, please click on this link.
|
|
|
