On October 15, 2012, the Singapore Parliament passed the Bill for the Personal Data Protection Act 2012. The enactment of this Act is a fundamental shift in Singapore’s approach to data protection, away from the current sectoral approach to a more European-like general data protection approach. The Act aims to establish a framework for personal data protection, by including recognized data protection concepts such as consent, withdrawal, notification of purpose, and access to and correction of personal data.
Specifically, the Act purports to govern the collection, use and disclosure of personal data by organizations in a manner that recognizes both the right of individuals to protect their personal data and the need of organizations to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate under the circumstances. The new framework will apply to organizations in private sectors, with certain exceptions. Under the Act, personal data is defined as data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organization is likely to have access. The framework encompasses data in both electronic and non-electronic form.
The Act establishes a Data Protection Commission for regulatory enforcement, with the right to impose fines and imprisonment. A private right of action is also established. Generally, the Act appears to utilize a more principle-based approach than a prescriptive approach, leaving it to the Data Protection Commission to provide consultancy and to administer the Act.
We are glad to feature a summary of the Personal Data Protection Act 2012 on our blog, written by Elle Todd of Olswang LLP. Elle is located in Olswang’s Singapore office. Olswang is a member of the Alston & Bird Privacy and Security Network and an international law firm with offices in 6 countries (Belgium, France, Germany, Spain, the UK, and Singapore).
The views and opinions expressed in the summary of the Personal Data Protection Act 2012 are solely those of the author. They are not necessarily representative of the views of Alston & Bird LLP or Olswang LLP. The materials on this blog and the summary of the Personal Data Protection Act 2012 are provided for informational purposes only and do not constitute legal advice. Please contact any member of the Alston & Bird’s Privacy & Security team if you are seeking legal advice.
Written by Maki DePalo, Associate | Alston & Bird LLP