Looking Deeper: How Does PDPA Work?

The Personal Data Protection Act (PDPA) 2012 is a law that seeks to protect personal data. It acknowledges the rights of every person to safeguard their data. You should know that it was the PDPA that established the Do Not Call (DNC) Registry. Consumers or subscribers now can opt to receive or block marketing calls, text messages and faxes from different organizations.

The government realized that there are huge amounts of personal data collected. The collection of personal data are then moved to 3^rd party organizations for purposes that they deem necessary. With this, consumers or subscribers are getting worried and anxious about how their data are used. To answer that, PDPA regulates the flow of personal data circulating between organizations. Furthermore, the PDPA works in three concepts to include:

• Consent: The organizations are allowed to gather, use and divulge personal data if the consumers or the subscribers consented to it.
• Purpose: The organizations are allowed to gather, use and divulge personal data if the consumers or the subscribers are informed of the purposes for such actions.
• Reasonableness: The organizations are allowed to gather, use and divulge personal data if their purposes are fitting to a person given the circumstances.

The PDPA involves personal data that are accumulated from electronic & non-electronic procedures. The PDPA has this Personal Data Protection Commission (PDPC) provision and it came into effect on January 2, 2013. The DNC Registry came into effect on January 2, 2014.

Telco’s here in Singapore are required to inform their consumers or subscribers of how their personal data are used. When a subscriber sign up for mobile phone plans, they need to sign contracts. For those who purchase prepaid cards, they also need to be informed. PDPA recommended that telcos should put short statement in prepaid cards so consumers or subscribers will know how their personal data are used.