Briefing on 25 Jan 2016 at ERA@MBSq 1
Data Protection Officer (DPO) Under the Personal Data Protection Act 2012 (PDPA), organisations are required to develop and implement policies and practices that are necessary to meet its obligations under the PDPA. In particular, organisations are required to designate at least one individual, known as the data protection officer (DPO), to oversee the data protection responsibilities within the organisation and ensure compliance with the PDPA. DPO: Poh Chee Yong Email: Dpo@era.com.sg 2
Personal Data Protection Act 2012 (PDPA) Administered by • Operates on a complaint-based regime • Objectives: • a) Protect individuals’ data from misuse; and b) Strengthens Singapore’s position as a trusted business hub and choice location for data hosting and processing activities (cross-border transfer) 3
Personal Data Protection Act 2012 (PDPA) AREAS TO BE COVERED IN THIS SESSION 1. National Do-Not-Call (DNC) Registry 2. Data Protection 3. Case Studies 4. Marketing Can-Dos! Responsible Marketing 4
1. What is DNC? The Do Not Call (DNC) Registry lets you opt out of marketing messages addressed to your Singapore telephone number, such as those which promote or advertise a good or service, allowing you to have more control over the kind of messages you receive on your telephone, mobile phone or fax machine. 30 days window The DNC regime under the PDPA prohibits organisations from sending such messages to Singapore telephone numbers, including mobile, fixed-line, residential and business numbers, registered with the registry. “Right to be left alone” What is the definition of Organisation? 5
Do Not Call (DNC) Came into effect on 2 January 2014 Before you call/sms/fax, you need to check against the National DNC Registry (unless you have clear and unambiguous consent in written form if you are sending a specified message (commercial marketing content) => we call this “scrubbing” Examples Advertise/promote goods or services, land or interest in land, or business/investment opportunity Other Countries USA – started in June 2003 Canada – law passed in Jun 2006 UK – started in May 2009 Australia – law passed in Jun 2006 6
Do Not Call (DNC) Exceptions/Exemptions Ongoing relationship (vs one-off) • - can send sms/fax without checking DNC (but cannot call) - must have opt-out option (30 days to take effect) Messages for pure market survey or research • Messages that promote charitable or religious causes • Personal messages sent by individuals • Messages to respond to an emergency that threatens the life, health • or safety of an individual Public messages by govt agencies • Political messages • B-2-B messages • 7
Do Not Call (DNC) www.era.com.sg/spidergate 8
Do Not Call (DNC) ERA maintains a BLACKLIST (internal DNC register). If you received UNSUB requests, please inform the DPO at dpo@era.com.sg so that the number and/or email address / residential address can be added to ERA’s DNC list. To see the ERA DNC List , go to MyERA portal >> Corporate Services >> Compliance >> Do Not Call List Download the excel file. Updated everyday. 3 sections – Do Not Call/SMS , Do Not Email and Do Not Mail . 9
2. Data Protection - What is Personal Data? Data Provisions came into effect on 2 July 2014 Personal Data is defined in the PDPA as “data, whether true or not, about an individual who can be identified a) from that data; or b) from that data and other information to which the organisation has or is likely to have access”. 10
What constitutes Personal Data? Personal Data under the PDPA may include the following: - Full name - NRIC - Passport Number - Vehicle license plate number - Mobile/Tel number - Photograph (can see side or front of face) - Personal email address - Thumbprint - DNA profile - Name and residential address - Name and residential telephone number 11
Personal Data Protection Act The PDPA establishes a data protection law that comprises various rules governing the collection, use, disclosure and care of personal data. It recognises: - The rights of individual to protect their personal data, including rights of access and correction - The needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes. 12
Personal Data Protection Act Exceptions: The PDPA affects every single private organisation except: - Any individual acting in a personal or domestic basis - Any employee acting in the course of his or her employment within an organisation - Any public agency - Business contact information – individual’s name, position name or title, business telephone number, business address, business email address 13
Data Protection - Measures 1) Administrative – Contracts & Forms MyERA portal >> e-Downloads >> CEA/ERA Documents 14
Data Protection - Measures 2) Physical – Safes, Cabinets 3) Technical – Encryption, passwords, screen-lock, firewall, anti-virus 15
3. Case Studies Star Zest Home Tuition The director, Mr Law Han Wei, 35 was fined $39,000 in Aug 2014 16
17
Sep 2014 18
Sep 2014 19
4. Marketing Can-Dos! Responsible Marketing Slides 21 to 23 – Special thanks to DMAS 20
21
22
23 Slides 21 to 23 – Special thanks to DMAS
Questions? 24
Recommend
More recommend
