What’s is the big fuzz about PDPA?
With a rising spate of complaints over telemarketers “harassing” people with the phone calls or text messages, the Government of Singapore has further looked into the matter and emphasised heavily on personal protection with the introduction of the PDPA policy. This is designed to safeguard an individual’s personal data against misuse. It comprises of the recently introduced national Do-Not-Call registry and a new enforcement agency that is tasked to regulate the management of personal data by businesses and impose penalties.
Personal Data defined
Personal data refers to data regardless of truth, about an individual who can be identified from the data. Unique information (e.g. NRIC number, passport number) as well as other relevant information (address, age, name,telephone number) about the individual. The act allows individuals more control over their personal data, since prior consent has to be given and they would need to be informed of the purpose of information collected.
PDPA is implemented in phrases to allow businesses to accommodate their processes to it. The introduction of the Do Not Call (DNC) Registry started in 2 Jan 2014 and was followed up with the personal data protection on 2 July 2014. You might have noticed in the news that companies are being fined or penalised with regards to the DNC or PDPA rulings. Well, we at Empire Global had complied way much earlier than those dates.
Personal Data Protection Act: The Whole Idea
1. Tackle Issue of Unsolicited Telemarketing Calls & Messages
The national Do-Not-Call (DNC) Registry created early 2014, prohibits organisations in Singapore to send specified messages to any Singapore number registered with the DNC, unless prior consent was given. If any company is caught violating the data protection rule or are non-compliant, they would be fine heavily.
2. Enhance Country Competitiveness
With the introduction of the PDPA, the new data protection law is poised to strength the nation’s position as a trusted business hub. You would not want companies “harassing” you right? Which is why Empire Global focuses primarily on financial education instead of hard-selling you.
3. Data Protection Commission (DPC)
The DPC team has the power to initiate investigations and/or conduct enquires on companies. They are able to direct non-complying companies to be fined up to SGD$1million.
4. National Do Not Call Registry
With the newly setup registry, individuals can now opt-out of receiving marketing messages in form of phone calls, short message service (SMS) messages, multimedia message service (MMS) messages or fax messages. It is now an offence for organisations to send messages registered under the “Do Not Call Registry”. Such offences are punishable by a maximum fine of SGD$10,000.
In short, What’s in it for you?
As a consumer you are protected by the PDPA. PDPA prohibits organisations from collecting, using or disclosing personal data about an individual unless prior consent is given for such collection or disclosure was made. Organisations can only collect information for reasonable purposes.
The moneylending industry is extremely competitive. The introduction of PDPA and the DNC registry, we have seen some known moneylenders getting hefty fines or licenses revoked. The practise of getting and tempting customers through phone calls and messages have went down a lot, marketers of such lending schemes are desperately finding new ways to find new customers.
So if you are borrowing in future, do be careful of unknown messages that come to you promising low interest rates or quick schemes. Always always, read before you sign anything. That’s rule no.1 for us at Empire Global.
Main Data Protection Obligations of the PDPA
- Notification – Individual must be notified about collection, usage and disclosure of personal data.
- Consent – Consent of individual is important to collect, use or disclose their personal data
- Retention Limitation – Requires organisation to remove all personal data when the campaign has ended officially.
- Openness – Organisation must be transparent with the information about your data protection polices, practices and complaint process available on request.
- Purpose Limitation – This restrict the individual data to be used for a particular product or services that is agreed upon.
- Transfer Limitation – Personal data is transferrable to another country only if the requirement prescribed is under the regulation.
- Access & Correction Accuracy – This allows individual to access and edit all information which their personal data is used.
- Accuracy – Personal data must be validated before proceeding with any campaigns.
- Protection – Protection of personal data must be done by having security arrangement within organisation and external parties that will be handling your data.