Dr Yaacob Ibrahim, Minister for Communications and Information, 
Ms Tan Li San, Deputy Secretary, Ministry of Communications and Information,
Ms Jacqueline Poh, Managing Director, Infocomm Development Authority of Singapore
Speakers,
Fellow Commissioners of overseas data protection authorities,
Distinguished guests, Ladies and Gentlemen,

1. Good afternoon and welcome to the Personal Data Protection Seminar 2016.


2. This is our fourth annual seminar. Riding on the momentum of the past three years, responses for this year’s seminar have reached an all-time high of 800 participants. The theme of this year’s seminar, “Bridging Innovation and Trust”, speaks of Singapore’s ambition to be the world’s first Smart Nation. Big Data, data analytics and the Internet of Things are technologies that will enable this journey towards our Smart Nation and drive the next phase of economic activity and growth.


3. The benefits of these technologies can only be realised in an environment of trust that comes with responsible collection, use and sharing of data, particularly personal data. This afternoon’s discussions will centre on how data can be utilised optimally and shared across sectors and the steps organisations can take to build a safe and trusted environment for innovation.


4. The Personal Data Protection Commission will strive to ensure that our policies and actions foster an environment of trust and high consumer confidence. I would like to share some key developments in our work at the Commission.
   
   Progress Report – Enforcement


5. Our first tranche of enforcement decisions was announced in April this year, where 11 organisations were found to be in breach of the Personal Data Protection Act (or PDPA). The penalties ranged from warnings to directions to pay financial penalties.


6. While attention is frequently focused on the details of our enforcement actions, we will miss the woods for the trees if we fail to realise that the PDPA does not prevent the use and sharing of data. On the contrary, the primary objective of the PDPA is to facilitate the use and sharing of personal data in a safe and responsible manner by establishing standards to ensure that businesses take the appropriate steps to protect the personal data under their care, and use them in a responsible fashion to improve business competitiveness.


7. We observed that the more severe breaches were due to inadequate data protection measures in place, which resulted in the unauthorised disclosure of personal information. In particular, many organisations hire external vendors for the development, maintenance and operation of their IT systems. Organisations need to understand that the vendors they hire have an important role to play in data protection, and must work closely with them to ensure that the appropriate level of security is accorded to the protection of personal data.
   
    

   Progress Report – Increased Guidance for Organisations

8. The industry survey that we conducted this year among some 1,500 organisations indicates that three in five respondents have implemented some form of measures to protect personal data.


9. While this reflects a growing awareness amongst organisations on the importance of personal data protection, some organisations, particularly the Small and Medium Enterprises (SMEs), can do with more guidance in adopting good practices. In this regard, we have issued several new guides offering practical advice on building websites and IT vendor management. We have also released a guide on sample contractual clauses that can be included in the agreements with vendors. Since breaches can occur through both physical and electronic mediums, we have also issued a guide indicating ways in which organisations can safely dispose of personal data in a physical medium.


10. In addition to these, we have made updates to the existing guide on securing personal data in electronic medium to include new chapters on cloud computing, IT outsourcing and security patching, and revised several advisory guidelines to provide further clarity on common scenarios relating to access requests and withdrawal of consent. A step-by-step guide on handling access requests has also been released to assist organisations with the formulation of these procedures.


11. Through these guides and advisory guidelines, we hope to drive a shift of mindset from compliance to accountability, and for organisations to take it upon themselves to foster a trustworthy data ecosystem that is conducive for innovation and data use.
    
    Global Trends & International Engagements


12. Personal data protection is not, and cannot be, a single jurisdiction’s effort. Global trends mark an international endeavor to ensure that innovation goes hand-in-hand with personal data protection. Data protection laws have to be kept relevant so that they do not inadvertently or unnecessarily inhibit economic growth and technology innovation.


13. We are aware of the need to play our part in the international personal data protection circuit. In our capacity as a member of the Asia Pacific Privacy Authorities (APPA), we will be hosting the 45^thAPPA Forum in Singapore tomorrow and Friday. A wide array of issues is scheduled for discussions, ranging from sharing of data breaches to new policy developments in other regions. Our participation in the APEC Cross Border Privacy Rules workshop and the IAPP Asia Privacy Forum over the past two days also highlighted our recognition of the need to ensure that regulations will facilitate data flows across borders, and our interest to be part of the discussions to attain this objective.
     

    Conclusion

14. Against the background of innovation and fast changing technology, the data ecosystem will always be fluid. As the personal data protection authority for Singapore, we will work with organisations and industry associations to optimise the opportunities and rewards of this data driven economy that comes along with the need to bridge innovation and trust.


15. I would like to thank Dr Yaacob, the Minister for Communications and Information for being our Guest of Honour for this year’s Seminar. I hope today’s discussions will be engaging and fruitful for everyone.


16. Thank you.