Singapore parliament passes personal data protection bill

Singapore's parliament passed a personal data protection bill on Monday, with rules stipulating heavy fines for data protection offenses and unsolicited marketing call or message to numbers in a "Do Not Call" registry. The Data Protection Bill, which was aimed to protect personal information from being stolen or indiscriminately collected and used for marketing purposes, puts Singapore among countries and regions with an information protection law, including New Zealand, Canada and China's Hong Kong. The bill has gone through three rounds of public consultation since last September. It is set to become law in January next year, with enforcement to begin 18 months later. Yaacob Ibrahim, minister for information, communications and the arts, said the bill will strengthen Singapore's status as a trusted hub and choice location for global data management and processing services. "It will also address growing concerns over the misuse of personal data and provide much needed protection for individuals in Singapore," he said. A Personal Data Protection Commission will be set up to enforce and oversee matters relating to the new act. The Do-Not-Call registry, which allow people to opt out of receiving intrusive marketing messages like telemarketing calls, faxes as well as text and multimedia messages including those sent via smart phone applications such as WhatsApp and Viber, could be launched by early 2014. Broadcast messages from smart phone applications are excluded as users are able to turn off the push messaging service on their phones. The Act covers all private sector organizations engaged in data activities within Singapore. The Personal Data Protection Commission can impose fines of up to 1 million Singapore dollars ( 800,000 U.S. dollars) for every offense and penalties of 10,000 Singapore dollars (8,000 U.S. dollars) for every unsolicited marketing call or message to a number in the "Do Not Call" registry. The Commission will also focus on educating consumers and businesses on the act when it comes into play, and devise compliance guidelines to help organizations understand the law's requirements. The public sector is not governed by the new law, as it already has its own data protection rules which are stricter than the new law in some cases. The act also makes it necessary for firms to seek consent before collecting and using people's private information. Individuals have to be informed of the purposes for which companies seek to obtain and disclose personal data. Exceptions may apply in the case of investigations, medical emergencies, and data that are collected for news activities.