Mobile App Developers to Comply With Personal Data Protection Act

07 Dec 2015

Forum Reply on Lian He Zao Bao, 5 Dec 2015

We thank Mr Ma Liang for the letter “Multi-pronged Approach to Strengthen Digital Safety” (14 November 2015).

The government is constantly reviewing its cyber security policies to ensure that individuals’ digital identities are protected as more transactions go online. These efforts complement the efforts of the Personal Data Protection Commission (PDPC) in the protection of personal data.

Mobile application developers, like all private organisations in Singapore, have to observe the data protection requirements in the law. These include seeking consent and notifying users of the purposes for the collection, use and disclosure of personal data.   

The PDPC is aware of the Global Privacy Enforcement Network (GPEN) assessment of over 1,200 mobile applications, which revealed that many of them sought access to large amounts of personal data without adequately explaining how that information was being used.  

The PDPC had started engaging mobile application developers earlier this year to advise them of their PDPA obligations. The PDPC had also published guides to help organisations adopt good IT security practices and data breach management. Organisations are encouraged to regularly review their policies and practices to ensure that their IT and mobile applications are secure and well-protected from cyber-attacks.  

Users, too, have a role to play in protecting their personal data and should understand what personal data is requested of them and why, before agreeing to the terms and conditions of each mobile application.

As Singapore’s cyber landscape evolves, along with new opportunities and risks, the PDPC will continue to reach out to both the business sectors and members of the public to raise their awareness of the importance of personal data protection. 

We welcome Mr Ma to contact PDPC directly at info@pdpc.gov.sg if he has concerns about any specific mobile applications.

Evelyn Goh (Ms)
Director
Communications, Planning and Policy 
Personal Data Protection Commission
---

手机应用软件发展商须遵守个人资料条例

谨答复《联合早报􂀢交流站》于11月M日刊登的马亮读者投函《多管齐下加强数码安全》:

由于网上交易日益频繁,政府因此也不断检讨其网络安全措施,来确保个人的数码身份证受到保护。在保护个人资料上,这些努力可以辅助现有的《个人资料保护法令》(PDPA)。

和新加坡所有的私人机构一样,手机应用软件发展商也必须遵守与个人资料相关的条例,包括征求用户同意,并让他们知道收集、使用和透露个人资料的目的。

个人资料保护委员会(PDPC )知道全球隐私执行网络(GPEN)对超过1200种手机应用软件的评估。评估显示,许多软件向用户要求大量个人隐私资料,却没有清楚解释将如何使用这些资料。

今年初,委员会便开始同手机应用软件发展商接触,让他们了解必须遵守《个人资料保护法令》。委员会也出版指导守则,协助企业采取适当的资讯科技安全措施,和不违反条例的处理方式。企业也应该不时检讨其政策与措施,确保它们的资讯科技和手机应用软件是安全的,不会受到网络袭击。

用户也应该有意识地保护个人资料,先了解要提供什么个人资料和其原因,才同意手机应用软件的附带条件。

新加坡的网络生态正不断演变,在带来新机会的同时,也带来了新危险。个人资料保护委员会将继续同企业界和公众紧密联系,提升他们对保护个人资料的重要性的认识。

感谢马先生的反映。

马先生如果对个别手机应用软件有任何疑问,可以直接通过电邮info@pdpc.gov.sg同我们联络。

个人资料保护委员会
规划、政策与公众宣传司长
吴俊英

Tags: