dec
edm_03

Follow us on:

fb linkedin youtube

To prepare workers for the Digital Economy, it is imperative that they acquire new skills, which can lay the foundation for new career choices.

Yeong Zee Kin,
Deputy Commissioner, PDPC
data-protection

Hello Great Expectations,
Meet Accountability

For whom, for what outcomes and why it matters to DPOs.
(Article contributed by AsiaDPO)

Read More

A DPTM Story:
Helping People in Crisis

The Data Protection Trustmark (DPTM) is part of New Hope Community Services’ data governance priority, enabling it to strengthen public trust in the social services space.

Read More

Announcements

bullet.png

Learn At Lunch: Model AI Governance Framework

The Institute of Internal Auditors Singapore has invited the PDPC to address the governance challenges posed with the emergence of artificial intelligence (AI). We will share how the PDPC’s Model AI Governance Framework helps organisations deploy responsible AI, through considerations and measures that can address potential risks within the organisation’s corporate governance, risk management, operations management and customer relationships.

bullet.png

Launch of New DPO Courses

NTUC LearningHub, in partnership with Employment and Employability Institute and the PDPC, has launched four new data protection-related courses for DPOs, based on the PDPC’s Data Protection Competency Framework and Training Roadmap.

New Resources

bullet.png

Revised Guide to Notification

The Guide to Notification now includes a section on key considerations in developing notifications and new examples, including dynamic consent and just-in-time notifications.

bullet.png

Revised Advisory Guidelines on Key Concepts in the PDPA

Chapter 6 on "Organisations" and chapter 15 on "Access and Correction Obligations" have been revised in the Advisory Guidelines on Key Concepts in the PDPA.

bullet.png

New Chapter in the Advisory Guidelines on the PDPA for Selected Topics

A new chapter on "Cloud Services" has been added into the Advisory Guidelines on the PDPA for Selected Topics.

Commission's Decisions

Dec 2019

Breach of the Protection Obligation by Learnaholic

A financial penalty of $60,000 was imposed on Learnaholic for failing to put in place reasonable measures to protect the personal data of students, students’ parents and staff of various schools.

Breach of the Protection Obligation by i-vic International

A financial penalty of $6,000 was imposed on i-vic International for failing to put in place reasonable security arrangements to protect the personal data of individuals which it had processed on another organisation’s behalf. i-vic as the data intermediary did not put in place diligent and properly scoped testing of software which led to the disclosure of personal data of individuals via email.

Breach of the Protection and Accountability Obligations by The Travel Corporation (2011)

A financial penalty of $12,000 was imposed on The Travel Corporation (2011) for breaches of the PDPA. The organisation failed to appoint a data protection officer and did not put in place reasonable security arrangements to protect its customers’ personal data stored in portable storage devices.

Breach of the Protection Obligation by Chizzle

Directions, including a financial penalty of $8,000, were imposed on Chizzle for failing to put in place reasonable security arrangements to protect the personal data of users of its mobile application. The organisation was also directed to develop an IT security policy, review and revise its developmental processes in order to adopt a data protection by design approach for future enhancements to its mobile application.

Breach of the Protection and Accountability Obligations by Global Outsource Solutions

Global Outsource Solutions was found in breach of the PDPA for failing to put in place reasonable security arrangements to protect the personal data collected by its website and for failing to develop and implement data protection policies. This resulted in the disclosure of personal data of customers on the organisation’s online warranty registration portal. Global Outsource Solutions was directed to develop and implement policies for data protection and staff training in data protection, and to put all employees handling personal data through such training.

Breach of the Protection Obligation by Honestbee

A financial penalty of $8,000 was imposed on Honestbee for failing to put in place reasonable security arrangements to protect the personal data of individuals. The data of about 8,000 individuals was stored in the cloud without access restrictions.

Breach of the Accountability Obligation by Saturday Club

Saturday Club was found in breach of the PDPA for failing to put in place written policies and practices necessary to ensure its compliance with the PDPA. Saturday Club was directed to put in place a data protection policy to comply with the provisions of the PDPA and to conduct training to ensure its employees are aware of and comply with the requirements of the PDPA.

Read more Commission's Decisions here

Help and Resources for DPO

dpia.png
PDPA Assessment Tool for Organisations

Use the free online self-assessment tool to gauge your organisation’s level of compliance with the PDPA.

dpmp.png
Data Protection Notice Generator

A free-to-use tool for generating basic data protection template notices to help your organisation inform your stakeholders on how their personal data is managed.

list.png
List of Data Protection Service Providers

A listing of information on DP consulting services, legal advisors for personal data protection, data protection training providers, data protection solutions, outsourced DPO functions service providers and cyber security services.

pdpc_logo

If you want to reach out, please contact us online or call +65 6377 3131.

If you wish to unsubscribe, please click on this link.