Learn At Lunch: Model AI Governance Framework

The Institute of Internal Auditors Singapore has invited the PDPC to address the governance challenges posed with the emergence of artificial intelligence (AI). We will share how the PDPC’s Model AI Governance Framework helps organisations deploy responsible AI, through considerations and measures that can address potential risks within the organisation’s corporate governance, risk management, operations management and customer relationships.

Launch of New DPO Courses

NTUC LearningHub, in partnership with Employment and Employability Institute and the PDPC, has launched four new data protection-related courses for DPOs, based on the PDPC’s Data Protection Competency Framework and Training Roadmap.

Revised Guide to Notification

The Guide to Notification now includes a section on key considerations in developing notifications and new examples, including dynamic consent and just-in-time notifications.

Revised Advisory Guidelines on Key Concepts in the PDPA

Chapter 6 on "Organisations" and chapter 15 on "Access and Correction Obligations" have been revised in the Advisory Guidelines on Key Concepts in the PDPA.

New Chapter in the Advisory Guidelines on the PDPA for Selected Topics

A new chapter on "Cloud Services" has been added into the Advisory Guidelines on the PDPA for Selected Topics.

Breach of the Protection Obligation by Learnaholic

A financial penalty of $60,000 was imposed on Learnaholic for failing to put in place reasonable measures to protect the personal data of students, students’ parents and staff of various schools.

Breach of the Protection Obligation by i-vic International

A financial penalty of $6,000 was imposed on i-vic International for failing to put in place reasonable security arrangements to protect the personal data of individuals which it had processed on another organisation’s behalf. i-vic as the data intermediary did not put in place diligent and properly scoped testing of software which led to the disclosure of personal data of individuals via email.

Breach of the Protection and Accountability Obligations by The Travel Corporation (2011)

A financial penalty of $12,000 was imposed on The Travel Corporation (2011) for breaches of the PDPA. The organisation failed to appoint a data protection officer and did not put in place reasonable security arrangements to protect its customers’ personal data stored in portable storage devices.

Breach of the Protection Obligation by Chizzle

Directions, including a financial penalty of $8,000, were imposed on Chizzle for failing to put in place reasonable security arrangements to protect the personal data of users of its mobile application. The organisation was also directed to develop an IT security policy, review and revise its developmental processes in order to adopt a data protection by design approach for future enhancements to its mobile application.

Breach of the Protection and Accountability Obligations by Global Outsource Solutions

Global Outsource Solutions was found in breach of the PDPA for failing to put in place reasonable security arrangements to protect the personal data collected by its website and for failing to develop and implement data protection policies. This resulted in the disclosure of personal data of customers on the organisation’s online warranty registration portal. Global Outsource Solutions was directed to develop and implement policies for data protection and staff training in data protection, and to put all employees handling personal data through such training.

Breach of the Protection Obligation by Honestbee

A financial penalty of $8,000 was imposed on Honestbee for failing to put in place reasonable security arrangements to protect the personal data of individuals. The data of about 8,000 individuals was stored in the cloud without access restrictions.

Breach of the Accountability Obligation by Saturday Club

Saturday Club was found in breach of the PDPA for failing to put in place written policies and practices necessary to ensure its compliance with the PDPA. Saturday Club was directed to put in place a data protection policy to comply with the provisions of the PDPA and to conduct training to ensure its employees are aware of and comply with the requirements of the PDPA.

PDPA Assessment Tool for Organisations

Use the free online self-assessment tool to gauge your organisation’s level of compliance with the PDPA.

Data Protection Notice Generator

A free-to-use tool for generating basic data protection template notices to help your organisation inform your stakeholders on how their personal data is managed.

List of Data Protection Service Providers

A listing of information on DP consulting services, legal advisors for personal data protection, data protection training providers, data protection solutions, outsourced DPO functions service providers and cyber security services.

If you want to reach out, please contact us online or call +65 6377 3131.

If you wish to unsubscribe, please click on this link.