FINALLY, AN END TO PRIVATE FIRMS SHARING YOUR DATA?
Government to introduce data protection law early next year
by Leong Wee Keat
Singapore – Relief may finally be in sight for consumers who are fed up with their personal data being flogged to private companies.
The Government will introduce a data protection law early next year, some seven years after a review of the Republic’s data protection regime was initiated.
The timeline was given by Minister for Information, Communications and the Arts Lui Tuck Yew in a written reply to Ang Mo Kio GRC MP Lee Bee Wah’s parliamentary query which was tabled during Monday’s Parliament session.
The minister added the proposed law is intended to “curb excessive and unnecessary collection of individuals’ personal data by businesses, and include requirements such as obtaining the consent of individuals to disclose their personal information”.
While it is not illegal to solicit personal data or to telemarket, concern has grown over data privacy – specifically how data is being obtained and sold.
Last month, for example, MediaCorp received a company’s offer of 10,000 emails of key Government and ministry officials at a price of S$1,000. Around 10,000 top management executives’ personal details were also offered for S$6,000.
In 2006, the Government had revealed that it had started examining the issue in November 2004. It formed an inter-ministry panel in October 2005, including representatives from ministries such as Trade and Industry, Finance and Home Affairs, as well as from other Government entities such as the Monetary Authority of Singapore.
Adding that the review has been completed, Mr Lui said: “The Government has concluded that it would be in Singapore’s overall interests to put in place a data protection regime, in order to protect individuals’ personal data against unauthorised use and disclosure for profit.”
The Infocomm Development Authority of Singapore (IDA), which is tasked to coordinate the effort, expects to release details of the proposed framework for consultation towards the end of this year.
Mr Bryan Tan, director of law firm Keystone Law Corporation, felt the proposed law could potentially apply to existing databases as well.
Mr Tan told MediaCorp: “A database is not a stagnant item – it grows and gets updated. Hence, these databases would over the course of time require updating and, accordingly, compliance.”
But technology lawyer Bryan Ghows noted that it was “logistically not possible” to go back to individual consumers on existing databases to ask for their consent to use their personal information. Thus, he thinks there may be a transition period. After which, “companies cannot use their existing data unless there is express consent”, said Mr Ghows.
Technology and telecommunications lawyer Rajesh Sreenivasan felt the Government would have to balance between protection of personal data and compliance costs for businesses when drafting the new law. He felt the proposed data protection law is “a win for all stakeholders” – consumers’ personal data will be better protected by businesses, while companies involved in cloud computing and data hosting services would receive better protection.
Mr Lui said a data protection council would be set up subsequently to oversee the implementation of the legislation. In the interim, the IDA said data would continue to be protected under sector-specific laws such as the Banking Act, Statistics Act and Official Secrets Act and common law.
Said an IDA spokesperson: “In addition, the Model Data Protection Code introduced in 2002 for voluntary adoption by the private sector will also govern the use of personal information by the Government and other companies who have adopted it.”
Source : TODAYonline – MediaCorp Press Ltd’s copyright