Two bodies set up to enforce & advise on Personal Data Protection Act

SINGAPORE: The Ministry of Communications and Information (MCI) is setting up a Personal Data Protection Commission (PDPC) to administer and enforce the Personal Data Protection Act (PDPA).

The commission will undertake education and outreach programmes to help organisations and the public understand the law.

It will issue advisory guidelines for organisations to comply with the Act. It will also set up a "Do Not Call" registry in early 2014 for public registration.

The commission, appointed for a three—year term, will be helmed by the deputy CEO of the Infocomm Development Authority of Singapore, Leong Keng Thai.

Mr Leong Keng Thai, chairman of the Personal Data Protection Commission, said: "The Personal Data Protection Act addresses the growing concerns regarding potential misuse of personal data while allowing organisations to collect and use such data for legitimate purposes.

"During the transition period, the commission will work closely with sectoral regulators and associations to help organisations comply with the Act to adjust their data protection practices, and embark on public education and engagement programmes to help consumers better understand how they may protect their own personal data from misuse."

MCI is also setting up a Data Protection Advisory Committee to advise the commission on matters relating to its key roles, administration and enforcement of the Act.

The eight—member committee, appointed for a two—year term, will be chaired by the director and former director—general of the Intellectual Property Office of Singapore, Ms Liew Woon Yin.

Ms Liew said: "I am excited to be chairing the advisory committee. I look forward to working with the commission and assisting the commission in bringing about greater awareness of data protection and ensuring better protection of personal data and individuals’ interests.

"This will ultimately enhance Singapore’s overall economic competitiveness and strengthen trust in Singapore as a choice location for data management activities."

Both bodies will be established on 2 January next year when the Act comes into effect.

The Personal Date Protection Act was passed in Parliament on 15 October 2012 after a year—long series of public and industry consultations.

It will be implemented in phases over an 18—month period to allow time for organisations to adjust fully to the new law.

The Act will govern the proper collection, use, disclosure and care of personal data.

It also includes a national Do Not Call registry for individuals to opt—out of receiving unsolicited marketing calls, SMSes, MMSes and fax messages.

— CNA/al