Singapore Starts Privacy Enforcement: Fines for Lax Security
(2016) 141 Privacy Laws & Business International Report, 1, 4-6
3 Pages Posted: 18 Aug 2016
Date Written: May 30, 2016
Singapore’s Personal Data Protection Commission (PDPC) has published nine data protection enforcement decisions, the first since the Personal Data Protection Act 2012 (PDPA) came into force in July 2014. It has also issued advisory guidelines on enforcement. This article outlines these developments and their significance. Increased emphasis on enforcement in ASEAN countries can also be seen in a Malaysian initiative outlined here and in the appointment of the Philippines National Privacy Commission.
In the PDPC’s most significant decision, fines of S$50K were ordered against K Box Entertainment Group and S$10K against its data intermediary, Finantech Holdings, primarily for breaches of the security principle. Other companies and voluntary associations were also fined.
PDPC Advisory Guidelines on alternative dispute resolution make it clear that the PDPC will take an interventionist role to ensure that parties resolve disputes.
In contrast, Malaysia’s Department of Personal Data Protection has not yet shown any visible signs of enforcing its Personal Data Protection Act 2010, despite that Act being fully in force for over two years. One reason is that, in effect, the Malaysian PDPA can only be enforced through prosecutions, and those must be with the consent of the Public Prosecutor. A new Regulation allows the Commissioner to offer to compound specified offences – in effect to allow a fine to be paid instead of prosecution.
Keywords: privacy, data protection, enforcement, Singapore, Malaysia, Asia, ASEAN
Suggested Citation: Suggested Citation