The Personal Data Protection Commission (PDPC) of Singapore has proposed several amendments to the Personal Data Protection Act (PDPA), such as the mandatory reporting of certain data breaches to customers.
According to a press release from the PDPC, the move seeks to “give affected individuals the opportunity to take steps to protect themselves from the risks and impact of a data breach.”
The commission clarified that the notifications will be mandatory only when there is a risk that the data breach can harm customers, in order to avoid “notification fatigue” caused by too frequent reminders.
Organisations will need to notify PDPC in case there’s a significant breach that involves the data of more than 500 individuals. The organisations are also required to notify a law enforcement agency, so the two notifications must be done simultaneously.
The PDPC is also considering reinforcing the PDPA by allowing companies to collect, use or disclose personal data in cases where consent is not easily obtained. But it added that individual consent remains the key basis for organisations to collect, use, and disclose personal data.
These changes, if enacted, will affect organisations such as insurers, other financial institutions, and healthcare providers, which collect and store large amounts of personal data from their customers.
According to Dr. Yaacob Ibrahim, Minister of Communications and Information, the proposed amendments will encourage responsible data sharing so businesses can innovate and protect their customers’ data at the same time.
“Today, companies already have to share data with others in the ecosystem in order to provide services,” Ibrahim was quoted as saying at the fifth annual Personal Data Protection seminar by
Channel News Asia. “For example, when we purchase car insurance, our good driving record with one insurance company can be ported over to another insurance company when we switch insurers.”
“The no-claim bonus allows good drivers to enjoy a preferential insurance premium. Companies that collaborate can achieve so much more for their customers,” he added.
Ibrahim highlighted the importance of data to the digital economy, saying that building a trusted, robust, and progressive data protection environment in the country will help it reap the economic benefits offered by the digital economy.
Related stories:
Asia‘s cyber insurance shields are inadequate – study
Many Singapore businesses only take out insurance after an incident - report
Companies spend four times more on property cover than cyber