The Personal Data Protection Commission (PDPC) in Singapore introduced updated advisory guidelines to help companies stay in compliance with the Personal Data Protection Act (PDPA).
The Personal Data Protection Commission (PDPC) in Singapore introduced the Guide to Preventing Accidental Disclosure when Processing and Sending Personal Data, as well as updates to the three existing guides on January 20, 2017.
The updates refer to the Guide to Securing Personal Data in Electronic Medium, Guide to Disposal of Personal Data on Physical Medium, and Guide on Building Websites for SMEs. In addition, the PDPC also released two enforcement decisions on January 25, 2017, relating to the breach of personal data protection obligations under the PDPA.
Strict financial penalties were imposed on the organizations in breach of PDPA regulations for their failure to prevent unauthorized access of individuals’ personal data stored online.
In one of the decisions, the PDPC also directed the organization to cease storage of documents containing personal data via its internal system until appropriate remedial actions have been completed. The PDPC’s willingness to enforce the PDPA sends a clear message to organizations in control of personal data, as well as data intermediaries, that the PDPC will take any breach of the data protection obligations seriously.
Accordingly, organizations concerned about compliance with the PDPA should take action immediately to ensure compliance with their obligations under the PDPA.
The new Guide to Preventing Accidental Disclosure When Processing and Sending Personal Data aims to equip organizations with the knowledge to prevent accidental disclosure when processing and sending out personal data and includes recommendations on good practices that organizations should adopt.
Updates to the existing guides include the following:
