Trust is earned when consumers are assured that their personal data is used responsibly by accountable organisations.

Michelle Yap,
Assistant Commissioner, PDPC

Amendments to the Personal Data Protection Act and Spam Control Act Passed

The proposed amendments to the PDPA to address Singapore’s evolving digital economy needs, and related amendments to the Spam Control Act (SCA), were passed in Parliament on 2 November 2020.

Closing Note to Public Consultation on Personal Data Protection (Amendment) Bill

The Ministry of Communications and Information (MCI) and the PDPC issued a closing note to the public consultation on the Personal Data Protection (Amendment) Bill.

Building Data Management Capabilities in the Social Services Sector

The Infocomm Media Development Authority (IMDA) and the PDPC collaborated with National Council of Social Service (NCSS) to build data management capabilities in the social services sector through Data Protection-as-a-Service (DPaaS).

DPaaS is an alternative for organisations to outsource their data protection functions. Organisations may approach any of the listed providers who are registered with IMDA.

Draft Advisory Guidelines on Key Provisions of the Personal Data Protection (Amendment) Bill Now Available

The PDPC has issued the draft Advisory Guidelines which provide the PDPC’s clarification on key provisions in the Bill. These are not meant to exhaustively cover all the amendments in the PDPA and will be finalised and issued when the amendments to the PDPA come into effect.

Guide on Managing Data Intermediaries Now Available

The PDPC has published a new guide that highlights the relevant obligations under the PDPA and key considerations for organisations when outsourcing data processing activities to data intermediaries. The guide looks into the aspects of governance and risk assessment, policies and practices, service management and exit management.

Compendium of AI Use Cases Volume 2 Now Available

The IMDA and PDPC have published a second volume containing new use cases that illustrate how organisations have implemented or aligned their AI governance practices with the Model AI governance Framework.

The Compendium showcases how AI Singapore, City of Darwin (Australia), Google, Microsoft and Taiger, have benefited from the use of responsible AI in their line of work.

Webinar - Building Consumer Trust with Accountable Data Protection and Cybersecurity Practices

8 Dec 2020

Organised by Enterprise Singapore, this webinar helps you understand how the Data Protection Trustmark (DPTM) certification and adopting an accountability approach can help enhance your business’ data management capabilities and strengthen consumer trust. Learn how standards such as ISO 27001 can help your business effectively manage and overcome cybersecurity challenges.

Breach of the Protection Obligation by Novelship

Novelship failed to put in place reasonable security arrangements to protect the personal data collected from its sellers from unauthorised access on its website.

Breach of the Protection and Retention Limitation Obligations by Worksmartly

Worksmartly failed to put in place reasonable security arrangements to protect the personal data of its client’s employees. It was also found to be retaining personal data which was no longer necessary for legal or business purposes.

Breach of the Protection and Retention Limitation Obligations by Times Software, Breach of the Protection Obligation by Dentons and TMF

Times Software, a data intermediary, failed to make reasonable security arrangements to prevent the unauthorised disclosure of employees' personal data belonging to its clients, and retained personal data which was no longer necessary for legal or business purposes. Separately, Dentons and TMF were each issued a warning for failing to put in place reasonable security arrangements with Times Software to prevent unauthorised disclosure of their employees' personal data.