17 July 2013: Organised by the Law Society of Singapore, over 100 stakeholders gathered for a half-day session to learn about the Personal Data Protection Act (PDPA) and its effect on conducting business.
The session opened with an overview of the PDPA by Personal Data Protection Commission’s General Counsel, David Alfred. Of note were the clarifications that Government Agencies and Data Intermediaries were largely exempted from the Act. The overview also addressed the penalties for breaching the PDPA.
Director of George Hwang LL.C, Mr George Hwang, delivered a definition of ‘personal data’ and what the term means legally. Information on Singaporeans’ NRICs, for example, is deemed personal data. He drew comparisons with UK Personal Data Law cases, such as Durant v FSA, where access to personal data was denied as the subject’s purpose was merely to further litigation. Mr Hwang delved into the need to anonymise personal data when disclosing without consent from data subject. There is also the importance of differentiating personal data from intellectual property and confidential information.
With regard to the Do-Not-Call (DNC) Registry, Mr Hwang covered stakeholders’ obligations, but highlighted that there exists no right to private action when the DNC rules are breached. The Commission has yet to formulate any subsidiary legislation for the filing of complaints by telephone subscribers who receive unwanted calls or messages.
The floor was opened for questions, and a few pertinent points were raised: IP addresses may only constitute personal data when it is applied towards identifying the individual; as for online marketing, such as data gathered on the readership of e-newsletters, data collected may not fall under the ambit of the PDPA so long as there is nothing personally identifiable about its manner of use. In general, all firms have primary responsibility in ensuring that there is no breach of the PDPA.