Strengthening the Act
With the implementation issues slowly ironed out, there are still a number of issues for the Government to consider moving forward. Firstly, with the interconnected nature of a global internet and cloud infrastructures, cross-border flow of data is unavoidable and needs to be appropriately addressed. The PDPA allows for several provisions where this can happen and it needs to be built upon by the Government. Clarity on some of the provisions, including the 'whitelist' of allowable jurisdictions, will be critical for companies and organisations operating across multiple jurisdictions, where cross border data transfer is naturally part of their operations.
The Government should consider the introduction of mandatory breach notification. Rather than a punitive measure aimed at punishing companies, mandatory breach notification is being recognized by many jurisdictions as being a key component of any data protection legislation. Properly crafted, it impresses upon organisations their obligations in terms of safeguarding the data of their customers. It also outlines the appropriate steps that organisations should take in the unfortunate event of loss of data. It is ultimately, also a key component in protecting the people. By making them aware that their personal data has been compromised, it gives them the opportunity to take appropriate remedial actions, such as changing their credit card numbers, or passwords.
Protecting Personal Information
With the PDPA coming into force, it is a clear recognition by the Government that the collection and use of personal data in this day and age have increasing reach, oftentimes beyond what people might have first expected when handing over that data. Complex analytics and processing allows for better targeted advertising and marketing which can make doing business more efficient and effective, but not always beneficial nor welcomed by the customer. PDPA gives all the stakeholders the appropriate boundaries to guide their actions and ultimately will make for a more sophisticated and better informed society, where personal data is concerned.
Ng Kai Koon's responsibilities include representing Symantec in presentations to Asia-Pacific Governments and international organisations on a wide range of issues, such as cyber security, sectorial development and growth, standards and international trade.
 All provisions in Singapore's Personal Data Protection Act will be fully enforced only on 2nd July 2014.
Sign up for CIO Asia eNewsletters.