Latest Articles

On May 22, 2019, Singapore’s Personal Data Protection Commission introduced three new initiatives: a) A public consultation on data portability. The corresponding consultation paper also proposes to introduce data innovation provisions as part of the ongoing review of the Personal Data Protection Act (PDPA). The consultation is open for six weeks and will close on July 3, 2019. b) A guide on active enforcement. c) An updated guide on managing data breaches. Public…
On 23 April 2019, Singapore’s Personal Data Protection Commission (commission) issued two separate grounds of decision against PAP Community Foundation and Tutor City. In both cases, the commission issued warnings to the organisations for breaching the protection obligation under section 24 of the Personal Data Protection Act (PDPA), but no financial penalty was imposed. PAP Community Foundation (PCF): The facts of this case were as follows: PCF provides kindergarten services, and organises various school…
On 1 April 2019, the Protection from Online Falsehoods and Manipulation Bill was tabled in Singapore’s Parliament. The bill aims to stem the communication of false statements of fact, enable the detection and control of information manipulation, and promote the transparency of online political advertisements. Any person or organisation that spreads online falsehoods with malicious intent to harm the public interest in Singapore could face a fine of up to SGD 500,000 or, in the…
On 11 March 2019, the Personal Data Protection Commission of Singapore (PDPC) issued a set of advisory guidelines for management corporations of strata title plans (MCSTs), which were developed in consultation with Singapore’s Building and Construction Authority. The guidelines provide guidance to MCSTs on complying with Singapore’s Personal Data Protection Act (PDPA), and some key aspects are as follows: As an MCST comprises the subsidiary proprietors of all lots within the strata title plan of…
On 25 February 2019, the Minister for Communications and Information announced that Singapore is considering, as part of an ongoing review of the Personal Data Protection Act (PDPA), introducing a data portability requirement that would give data subjects greater control and rights over the movement of their personal data across service providers. In connection with this, a discussion paper on data portability has been made available by the Personal Data Protection Commission in collaboration with…
The UK’s Financial Conduct Authority (FCA) has announced the launch of the Global Financial Innovation Network (GFIN), an association of 29 regulatory bodies (Members) which will cooperate to promote innovation and share experiences and approaches to supervising new technologies in the financial services sector. The proposal to launch the GFIN was set out in a consultation paper in August 2018, and has received strong industry support. A key GFIN initiative is a pilot scheme allowing…
Singapore has set up a new Telecom Cybersecurity Strategic Committee (TCSC) to develop a plan to tackle ‘next-generation cyber threats’ in the telecommunications sector. The committee is expected to publish a strategy report and outline a roadmap for telecommunications operators to develop cybersecurity capabilities later in 2019. The report and roadmap will include recommendations for new initiatives such as capability development, technology innovation, regulation and international partnerships. In his opening address at the inaugural Infocomm
On 22 January 2019, Singapore’s Personal Data Protection Commission issued its grounds of decision against COURTS (Singapore) Pte Ltd (Courts), a consumer electronics and furniture retailer in Singapore. The facts of the case were as follows: A complaint was brought by an individual who discovered that his contact number and address were disclosed in an automatically opened webpage, when he entered his name and email address on Courts’ guest login page when making a purchase…
On 14 January 2019, Singapore’s Personal Data Protection Commission issued its grounds of decision against Singapore Health Services Pte. Ltd. (SingHealth) and Integrated Health Information Systems Pte. Ltd. (IHiS) for what has been coined the “worst breach of personal data in Singapore’s history”. The unprecedented cyber attack on SingHealth’s patient database system led to the exfiltration of 1.5 million patients’ personal data and nearly 160,000 patients’ outpatient prescription records. The commission received several complaints from…
On January 3, 2019, Singapore’s Personal Data Protection Commission issued two grounds of decision against Bud Cosmetics and AIG Asia Pacific Insurance Pte Ltd & Toppan Forms (S) Pte Ltd. Bud Cosmetics: The facts of this case were as follows: Bud Cosmetics is an organic and natural skincare retailer with retail outlets in Singapore and an online store. It collected customer information for membership registration and maintained two separate databases: one for online registrations…