Starting from 2 January 2014, the Do Not Call (DNC) provisions under the Personal Data Protection Act 2012 (PDPA) generally prohibits organisations from sending certain marketing messages (in the form of voice calls, text or fax messages) to Singapore telephone numbers, including mobile, fixed-line, residential and business numbers, registered with the DNC Registry.
Such marketing messages generally have one or more of the following purposes:
- Offer to supply, advertise or promote goods or services;
- Advertise/promote suppliers or prospective suppliers of goods or services; or
- Supply/advertise/promote land, interests in land or business/investment opportunities.
Whether your organisation is directly sending such marketing messages, causing the message to be sent or authorising another organisation to do so, your organisation has to ensure that such messages are not sent to Singapore telephone numbers registered with the DNC Registry.
In the event of a potential breach, the PDPC will rely on the authentic results list(s) generated by the DNC Registry in its investigations.
Organisations sending marketing messages to Singapore telephone numbers will need to:
- Check with the DNC Registry, unless you have the recipients’ clear and unambiguous consent in written or other accessible form for sending the marketing message to the Singapore telephone number.
- Your organisation may also send a text or fax message (but not voice call) on related products, services and memberships to individuals with whom you have an ongoing relationship (a series of one-off transactions does not constitute an ongoing relationship), without the need to check the DNC Registry. In your message, you are required to provide information on how individuals can opt out of such messages using the same medium by which the message is sent. Upon receiving an individual’s opt-out request, you may no longer rely on the exemption and must stop sending such messages to that individual 30 days after the opt-out. Please refer to the Personal Data Protection (Exemption from Section 43) Order 2013 for more information.
- If your organisation is sending a text or fax message, include clear and accurate information identifying your organisation as well as contact details within the message. This allows the recipient to contact you for clarifications, if necessary.
- If your organisation is making a voice call, ensure that the calling identity, or phone number from which the message is sent out from, is not concealed.
The DNC Registry, however, does not cover messages sent for other purposes, such as service calls or reminder messages sent by organisations to render services bought by the individual. Messages for pure market survey or research and those that promote charitable or religious causes are also not covered under the DNC provisions. Telemarketing calls or messages of a commercial nature that target businesses are also excluded from the DNC Registry rules. For the list of messages that are excluded under the PDPA, please refer to the Eighth Schedule of the PDPA.
For an elaboration of application of the DNC provisions, please refer to our Advisory Guidelines on the Do Not Call Provisions. Details of the DNC Registry business rules and relevant fees can be found here.
An organisation that sends any specified message must ensure compliance with the DNC provisions, including the applicable regulations relating to the DNC Registry. In particular, under the DNC provisions, an organisation that sends a specified message addressed to a Singapore telephone number registered with the DNC Registry is guilty of an offence (unless clear and unambiguous consent in written or other accessible form had been given by the user/subscriber).
If your organisation intends to engage a third-party to check the DNC Registry on its behalf, it should consider how best to address the risks involved, with the assistance of professional advisors (where necessary). This could include, for example, entering into a written contract for such engagements where the roles and responsibilities of each party (as between the two parties) are clearly defined, and taking reasonable effort to ensure that the DNC Registry results that they received from the outsourced party are valid and have not been tampered with.
Please note that third-party service providers offering alternative DNC Registry checking facilities are not associated with / accredited by/ endorsed by the Personal Data Protection Commission (PDPC). Organisations should assess the risks before deciding to use third-party service providers.