Registry to protect consumers' privacy proposed

Find yourself receiving unwanted SMS advertisements from unknown parties or calls from telemarketers recommending you financial products?

This could come to an end as early as next year when a new consumer data protection regime kicks in.

It includes a government-proposed National Do-Not-Call Registry, which enables consumers to opt-out of all unsolicited telemarketing calls or SMS/fax messages.

Organisations will be required to check the registry and ensure that they do not call, SMS or fax messages to the numbers registered unless specific permission was given.

The Ministry of Information, Communications and the Arts (MICA) launched on Tuesday its first public consultation on a proposed consumer data protection regime for Singapore, which governs how personal data is collected, used, disclosed and transferred.

There is currently no general law in Singapore governing data protection in the private sector except in certain sectors, such as in finance and healthcare.

Personal data is defined as information that leads to the identification of a person, ranging from a passport number to a mobile phone number. The law will cover all forms of personal data, including electronic and non-electronic forms of data.

Among its proposals, MICA is asking for feedback on whether personal data of deceased people should be covered by the new data protection law and whether the law should also cover overseas organisations that collect data in Singapore.

MICA is also seeking views on whether certain organisations, such as small companies with low annual turnover, should be excluded because of the costs involved. The ministry proposed a “light touch” law that applies to all private sector organisations to ensure a minimum standard of data protection.

The proposed regime seeks to strike a balance between stricter regulations and the need to keep business costs manageable, noted the ministry. The general law will apply concurrently with existing sectoral regulations, which imposes more stringent standards where necessary.

For organisations that break the rules, MICA has proposed a maximum fine of $1 million.

“The current sectoral approach to data protection (DP) has served Singapore’s needs in the past. However recent international developments suggest it may be timely to review our existing DP regime and establish a general DP regime in Singapore,” said MICA in its consultation paper.

It cited examples of the European Union and U.S. introducing measures to better protect consumers’ online privacy.

There is a “growing concern” that personal data is being sold or used without their consent, a move exacerbated by new technologies, noted the ministry.

MICA first announced the new law in February this year and it will be tabled for consideration by Parliament in early 2012.

Singapore has lagged behind other First World countries in introducing such a law. South Korea, for instance, introduced its information protection law almost 10 years ago while New Zealand’s Privacy Act was introduced in 1993.

Singapore had said it needed to study the impact of such laws in other countries first.

All submissions of comments should reach MICA before 5pm, 25 October 2011. Comments can be emailed to MICA_DP_Public_Consultation@mica.gov.sg