7 May 2014 – Two months before the full compliance date expected of private organisations, the Law Society of Singapore held a seminar on Personal Data Protection. This was the second in the run-up to the deadline of 2 July 2014. The first seminar was held last year.
The total number who signed up was 140. This was larger than last year’s. They were mainly practicing lawyers and some in-house counsels.
The speakers for the first seminar returned this time with practical insights for the audience. This included George Hwang, Director of George Hwang LL.C. One new speaker is Lynette Boxall, former Regional Counsel of Visa International for the Asia Pacific region. Lyn joins George Hwang LL.C. in June 2014.
The seminar opened with Mr David Alfred, General Counsel of the Personal Data Protection Commission, giving an overview of what would be crucial for organisations and topics such as anonymisation and recording of images by CCTV.
George shared with the audience on how to implement a data protection programme. It is a marriage of legal and operational issues. There is no point having a programme which is legally perfect but which is impossible for the organisation to implement. Distinguishing between the software and the hardware, George drew the analogy that the policies are the software and they need to be complimented by hardware, such as manuals and notices. The final product will be a personal data protection programme tailored for the organization’s needs and compliant with the PDPA.
George brought the audience’s attention to the concept of “right to be forgotten” and the decision of the Hong Kong Commission for the “Do No Evil” case. The case involved a smartphone application that aggregates information found in the public domain on websites of various government registries. The Commission held that even though the information has been published, the usage is outside the scope of its original purpose. As such, it is beyond the reasonable expectation of the data subjects.
Lyn covered the business case for compliance. Proper personal data management can build customer trust. The audit and implementation of a personal data protection compliance system give businesses the chance to study its customer relationship management system too.
The seminar ended with all the speakers sitting on a panel to address questions from the floor, for one last time.
For more information on the implementation of a personal data protection programme for your organisation, you may contact George Hwang at george@georgehwangllc.com