Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Protection & Privacy in Singapore Presented By Goh Seow Hiong Deputy Director (Infocomm Devt Policy) Infocomm Development Authority of Singapore 27.

Similar presentations


Presentation on theme: "Data Protection & Privacy in Singapore Presented By Goh Seow Hiong Deputy Director (Infocomm Devt Policy) Infocomm Development Authority of Singapore 27."— Presentation transcript:

1 Data Protection & Privacy in Singapore Presented By Goh Seow Hiong Deputy Director (Infocomm Devt Policy) Infocomm Development Authority of Singapore 27 March 2001 Confidential © IDA Singapore 2000

2 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Overview 2 Privacy & Data Protection Not provided under constitution or general law BUT Public sector Strict laws protecting the confidentiality of data held by the government & statutory boards Private sector Sectoral privacy laws Industry codes of practice Common law Law of confidence

3 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Statutory Framework 3 Statutory framework covers both the public and private sectors (sectoral laws) Public sector Official Secrets Act Statistics Act Central Provident Fund Act Electronic Transactions Act etc. Private sector Computer Misuse Act Telecommunications Act & Telecom Competition Code Banking Act etc. More than 150+ laws with privacy provisions!

4 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Public Sector Framework 4 Official Secrets Act s 5 & Statutory Bodies and Government Companies (Protection of Secrecy) Act s 3 Information entrusted in confidence to a person owing to his official position must take reasonable care of the information must not retain if required lawfully to dispose of it Statistics Act Information on any individual obtained under the Act must not disclose without written consent of that person may disclose if it can be done without identifying the individual and Minister determines that an appropriate time has elapsed

5 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Public Sector Framework 5 Central Provident Fund Act s 59 Information acquired by employee in course of duty/employment must not, without lawful authority, communicate or publish to any person Electronic Transactions Act s 48 Information acquired through exercise of certain powers under the Act must not disclose except for lawful purposes eg. to prosecute offences under ETA Etc.

6 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Private Sector Framework - Regulatory 6 Computer Misuse Act s 3 Information or data held in any computer criminal offence to access without authority Telecommunications Act s 42 Information transmitted by telecommunications criminal offence to intercept without lawful authority IDA Code of Practice for Competition in the Provision of Telecom Services s (mandatory code) End User Service Information e.g. end user’s calling patterns, billing address, credit history etc. licensee has duty to protect

7 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Private Sector Framework - Regulatory 7 Banking Act s 47 Particulars of account holder e.g. bank balance cannot divulge without the written permission of the customer Etc.

8 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Private Sector Framework - Self-Regulatory 8 Industry Codes of Practice regulate the professional conduct of members provide mechanisms for complaints handling and dispute resolution Examples of such Codes Direct Marketing Association of Singapore (DMAS) Code of Practice National Association of Travel Agents of Singapore (NATAS) Code of Practice National Internet Advisory Committee’s “Electronic Commerce Code for the Protection of Personal Information and Communications of Consumers of Internet Commerce” (1998)

9 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 E-Commerce Code 9 Background Published by National Internet Advisory Committee in Sept 1998 Voluntary scheme establishing standards of behaviour for ISPs and Internet content providers How it works Code is administered by a Compliance Authority (self- regulatory certification body) that grants the use of a “Privacy Code Compliance Symbol” to companies that comply with the Code CaseTrust became the 1st Compliance Authority in 1999

10 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 E-Commerce Code 10 Objectives of code To encourage use of the Internet for delivery of public services and e-commerce To provide minimum standards for the use and management of personal information of Internet users To protect the confidentiality of private communications To provide a channel for handling of complaints by consumers of Internet commerce relating to non- compliance with the Code

11 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Privacy Principles in Code 11 Confidentiality Must take reasonable steps to ensure confidentiality of users’ personal particulars Must not sell users’ personal particulars (unless as part of the sale of the business as a going concern) Collection and use Should collect and use users’ personal particulars only with users’ consent Should give the user an option as to whether the provider can send promotional materials to the user on behalf of third parties or release information to third parties for the purposes of sending such materials

12 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Privacy Principles in Code 12 Accuracy Must take reasonable steps to ensure that users’ personal particulars are accurate and kept up-to-date can be checked by the user upon request, and erased or rectified as requested by the user

13 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Enforcement & Compliance 13 Compliance Provider must establish operational procedures for compliance with the Code Sanctions Compliance Authority may investigate any complaint, and after giving the provider a reasonable opportunity to be heard dismiss the complaint give a warning to the provider revoke or suspend the provider’s right to use the “Privacy Code Compliance Symbol” publicise the non-compliance by the provider

14 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Law of Confidence 14 Background Right derives from common law and/or equity Covers trade secrets, state secrets and personal secrets Close analogy to property Elements of action Information has quality of confidence Information is imparted within a relationship of confidentiality Unauthorised use and disclosure

15 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Recent Developments 15 Worldwide devts More and more countries are enacting general data protection/privacy laws e.g. Chile, Australia, Canada Lack of consumer privacy is becoming a significant obstacle to e-commerce US studies: US$2.8 b in lost online sales in 1999, potential losses of up to US$18 b by 2002 (compared to projected total sales of US$40 b) Domestic devts IDA Consultation Paper on Building Trust and Confidence in Electronic Commerce general view - businesses are not doing enough to protect privacy half think this is impeding b2c e-commerce adoption Sanctions Compliance Authority may investigate any complaint, and after giving the provider a reasonable opportunity to be heard dismiss the complaint give a warning to the provider revoke or suspend the provider’s right to use the “Privacy Code Compliance Symbol” publicise the non-compliance by the provider

16 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Singapore’s Response 16 Educate industry on the need to do more to protect consumer privacy Set up National Trust Council to look into pertinent issues like trust marks, fraud management & best practices in e-business to implement National Trust Mark Programme to accelerate adoption of trust marks to appoint professional bodies as Authorised Code Owners (ACOs) to certify businesses with sound e-business security & privacy practices CASE appointed as the first ACO Set up inter-government agency task force to examine privacy issues comprehensively Leverage on industry-led activities to develop best practices & codes

17 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 Conclusion 17 Multi-pillar approach to data protection & privacy Sectoral Laws Codes of Practice Common Law National Trust Council Data Protection Framework Industry Education

18 Data Protection & Privacy in Singapore 27 Mar 01 Copyright © IDA Singapore 2001 THANK YOU For more information 18


Download ppt "Data Protection & Privacy in Singapore Presented By Goh Seow Hiong Deputy Director (Infocomm Devt Policy) Infocomm Development Authority of Singapore 27."

Similar presentations


Ads by Google