Briefing on 25 Jan 2016 at ERA@MBSq 1 Data Protection Officer (DPO) - - PowerPoint PPT Presentation

1

Briefing on 25 Jan 2016 at ERA@MBSq

2

Under the Personal Data Protection Act 2012 (PDPA), organisations are required to develop and implement policies and practices that are necessary to meet its obligations under the PDPA. In particular, organisations are required to designate at least one individual, known as the data protection officer (DPO), to oversee the data protection responsibilities within the organisation and ensure compliance with the PDPA.

Data Protection Officer (DPO)

DPO: Poh Chee Yong Email: Dpo@era.com.sg

3

• Administered by
• Operates on a complaint-based regime
• Objectives:

a) Protect individuals’ data from misuse; and b) Strengthens Singapore’s position as a trusted business hub and choice location for data hosting and processing activities (cross-border transfer)

Personal Data Protection Act 2012 (PDPA)

4

Personal Data Protection Act 2012 (PDPA)

AREAS TO BE COVERED IN THIS SESSION

• 1. National Do-Not-Call (DNC) Registry
• 2. Data Protection
• 3. Case Studies
• 4. Marketing Can-Dos! Responsible Marketing

5

• 1. What is DNC?

The Do Not Call (DNC) Registry lets you opt out of marketing messages addressed to your Singapore telephone number, such as those which promote or advertise a good or service, allowing you to have more control over the kind of messages you receive on your telephone, mobile phone or fax machine. The DNC regime under the PDPA prohibits organisations from sending such messages to Singapore telephone numbers, including mobile, fixed-line, residential and business numbers, registered with the registry. “Right to be left alone”

What is the definition of Organisation?

30 days window

6

Do Not Call (DNC)

Came into effect on 2 January 2014 Before you call/sms/fax, you need to check against the National DNC Registry (unless you have clear and unambiguous consent in written form if you are sending a specified message (commercial marketing content) => we call this “scrubbing” Examples Advertise/promote goods or services, land or interest in land, or business/investment opportunity Other Countries USA – started in June 2003 Canada – law passed in Jun 2006 UK – started in May 2009 Australia – law passed in Jun 2006

7

Do Not Call (DNC)

Exceptions/Exemptions

• Ongoing relationship (vs one-off)
• can send sms/fax without checking DNC (but cannot call)
• must have opt-out option (30 days to take effect)
• Messages for pure market survey or research
• Messages that promote charitable or religious causes
• Personal messages sent by individuals
• Messages to respond to an emergency that threatens the life, health
• r safety of an individual
• Public messages by govt agencies
• Political messages
• B-2-B messages

8

Do Not Call (DNC)

www.era.com.sg/spidergate

9

Do Not Call (DNC)

ERA maintains a BLACKLIST (internal DNC register). If you received UNSUB requests, please inform the DPO at dpo@era.com.sg so that the number and/or email address / residential address can be added to ERA’s DNC list. To see the ERA DNC List, go to MyERA portal >> Corporate Services >> Compliance >> Do Not Call List Download the excel file. Updated everyday. 3 sections – Do Not Call/SMS, Do Not Email and Do Not Mail.

10

• 2. Data Protection - What is Personal Data?

Data Provisions came into effect on 2 July 2014 Personal Data is defined in the PDPA as “data, whether true or not, about an individual who can be identified a) from that data; or b) from that data and other information to which the

• rganisation has or is likely to have access”.

11

What constitutes Personal Data?

Personal Data under the PDPA may include the following:

• Full name
• NRIC
• Passport Number
• Vehicle license plate number
• Mobile/Tel number
• Photograph (can see side or front of face)
• Personal email address
• Thumbprint
• DNA profile
• Name and residential address
• Name and residential telephone number

12

Personal Data Protection Act

The PDPA establishes a data protection law that comprises various rules governing the collection, use, disclosure and care of personal data. It recognises:

• The rights of individual to protect their personal data, including

rights of access and correction

• The needs of organisations to collect, use or disclose personal data

for legitimate and reasonable purposes.

13

Personal Data Protection Act

Exceptions: The PDPA affects every single private organisation except:

• Any individual acting in a personal or domestic basis
• Any employee acting in the course of his or her employment

within an organisation

• Any public agency
• Business contact information – individual’s name, position name
• r title, business telephone number, business address, business

email address

14

Data Protection - Measures

1) Administrative – Contracts & Forms

MyERA portal >> e-Downloads >> CEA/ERA Documents

15

Data Protection - Measures

2) Physical – Safes, Cabinets 3) Technical – Encryption, passwords, screen-lock, firewall, anti-virus

16

• 3. Case Studies

Star Zest Home Tuition The director, Mr Law Han Wei, 35 was fined $39,000 in Aug 2014

17

18

Sep 2014

19

Sep 2014

20

• 4. Marketing Can-Dos!

Responsible Marketing

Slides 21 to 23 – Special thanks to DMAS

21

22

23

Slides 21 to 23 – Special thanks to DMAS

24

Questions?