Singapore's Personal Data Protection Commission (PDPC) has introduced three new initiatives to facilitate the movement and use of data to support innovation, and to strengthen accountability among organisations:
1) A public consultation to seek views on proposed data portability and data innovation provisions, as part of the review of the Personal Data Protection Act 2012 (PDPA);
2) A new Guide on Active Enforcement as part of its drive for organisations to shift from compliance to accountability; and
3) An updated Guide to Managing Data Breaches 2.0, to help organisations manage and respond to data breaches more effectively.
Public consultation
Building on the data portability discussion paper launched in February, PDPC has launched its third public consultation to seek feedback on the proposed introduction of the data portability and data innovation provisions. The proposed data portability provision will provide individuals with greater control over their personal data and enable greater access to more data by organisations to facilitate data flows and increase innovation, while the proposed data innovation provision makes it clear that organisations can use data for appropriate business purposes without individuals’ consent.
This is aligned with a global push towards data portability, with jurisdictions such as the European Union, Australia, India, Japan and New Zealand either having implemented or planning to implement data portability in their respective data protection regimes.
Guide on Active Enforcement
PDPC’s new guide to Active Enforcement articulates its approach in deploying its regulatory powers to act efficiently and effectively when dealing with data breaches to safeguard the public interest. PDPC has also introduced a new expedited decision process to bring investigations on clear-cut data breaches to a conclusion quickly. The process draws on data breach cases in the last four years and feedback from stakeholders.
Guide to Managing Data Breaches 2.0
PDPC also updated its existing guide to better support organisations in managing data breaches effectively. Under the updated guide, organisations should have in place monitoring measures to provide early detection and warning for possible data breaches, and a data breach management plan for reporting and assessing a data breach. Organisations are urged to consider taking up this approach as this will allow them to respond to data breaches confidently and prepare for the PDPC’s planned introduction of a mandatory breach notification in its upcoming Act Amendment.
For more information, please visit https://www.pdpc.gov.sg/Legislation-and-Guidelines/Public-Consultations