Rules On Data Retention: Commission Replies
01 Aug 2014
Forum reply on The Straits Times, 1 Aug 2014
UNDER the Personal Data Protection Act, organisations must cease to retain documents containing personal data if they no longer serve the purpose for which the data was collected or remain necessary for any legal or business purposes - for example, the continued retention of financial records for tax purposes ("Any rules on data retention?" by Ms Lee Meow Hua; July 16).
The Act does not specify a fixed duration of time for which organisations can retain personal data, as it is not feasible to apply a single timeframe across varied sectors.
Organisations should, however, review on a regular basis if the personal data they have is still needed.
The Personal Data Protection Commission understands that Standard Chartered Bank has since explained to Ms Lee its retention policy for customers and former customers, and confirmed it is not retaining her personal data beyond what is necessary for business or legal purposes ("Data retention: Bank replies"; July 24).
As the Act serves as a baseline data protection law that complements sector-specific laws and regulations, organisations will also have to comply with other laws and regulations in relation to the handling of personal data that are applied to the specific industry.
Evelyn Goh (Ms)
Director, Communications, Planning & Policy
Personal Data Protection Commission