Organisations Required To Protect Personal Data

18 Apr 2014

Forum reply on The Straits Times, 18 Apr 2014

I REFER to Mr Nicolas Leong's letter ("Credit card applications: Set guidelines to safeguard data"; Sunday).

On July 2, the data protection provisions of the Personal Data Protection Act will come into force.

Under the "protection obligation" of the Act, organisations are required to make reasonable security arrangements to protect personal data in their possession or under their control, in order to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

Organisations collecting personal data should review their business processes to ensure compliance with the Act by July 2, which will also help them build the trust of their customers when collecting, using and disclosing personal data.

If the Personal Data Protection Commission finds an organisation in breach of any of the data protection provisions in the Act, it may require the organisation to pay a financial penalty of up to $1 million and undertake rectification measures.

Evelyn Goh (Ms) 
Director, Communications, Planning & Policy 
Personal Data Protection Commission

Tags: