Langbahn Team – Weltmeisterschaft

Personal Data Protection Act 2012

Personal Data Protection Act 2012
Parliament of Singapore
  • An Act to govern the collection, use and disclosure of personal data by organisations, and to establish the Do Not Call Register and to provide for its administration, and for matters connected therewith, and to make related and consequential amendments to various other Acts.
CitationNo. 26 of 2012
Passed byParliament of Singapore
Passed15 October 2012
Assented to20 November 2012
Legislative history
Bill titlePersonal Data Protection Bill
Introduced byAssoc Prof Dr Yaacob Ibrahim
Status: In force

The Personal Data Protection Act 2012 ("PDPA") sets out the law on data protection in Singapore. The PDPA regulates the processing of personal data in the private sector.[1]

Overview

The PDPA establishes a general data protection regime, originally comprising nine data protection obligations which are imposed on organisations: the Consent Obligation, the Purpose Limitation Obligation, the Notification Obligation, the Access and Correction Obligation, the Accuracy Obligation, the Protection Obligation, the Retention Limitation Obligation, the Transfer Limitation Obligation and the Openness Obligation (now referred to as the Accountability Obligation).[2]

Major amendments to the PDPA were proposed and passed in 2020.[3][4] Among other changes, a tenth data protection obligation was added, namely, the Data Breach Notification Obligation.[5]

The PDPA also governs telemarketing in Singapore. It establishes the Do Not Call Registers, on which telephone numbers may be registered. There are three Do Not Call Registers: (i) the No Fax Message Register; (ii) the No Text Message Register; and (iii) the No Voice Call Register. Generally, if a telephone number is listed on a Do Not Call Register (e.g. the No Text Message Register), then it is not permitted to send a marketing message of the relevant kind to that telephone number.[6]

Personal Data Protection Commission

The PDPA establishes the Personal Data Protection Commission (PDPC) as the regulatory authority governing data protection in Singapore. The PDPC enforces the PDPA and publishes advisory guidelines on the interpretation of the PDPA.[7] To date, the PDPC has enforced the PDPA against a number of organisations.[8][9][10] Notable enforcement cases include SingHealth, which was implicated in the 2018 SingHealth data breach.[11]

Management

Commissioner
Date Commissioner Remarks
1 January 2017 - 20 June 2020 Tan Kiat How
20 June 2020 - present Lew Chuen Hong [12][13]

References