Harsher penalties for data breaches under amended PDPA, Latest Singapore News - The New Paper
Singapore

Harsher penalties for data breaches under amended PDPA

This article is more than 12 months old
Harsher penalties for data breaches under amended PDPA
Communications and Information Minister S. Iswaran said the penalties imposed are proportionate to the severity of the breach. PHOTO: GOV.SG
LESTER WONG
Nov 03, 2020 06:00 am

Companies will be penalised more heavily for data breaches while also getting more freedom to use personal data to innovate under changes to Singapore's data protection laws passed in Parliament yesterday.

This tension between keeping consumers' trust high and supporting data use for innovation was acknowledged by Communications and Information Minister S. Iswaran during the debate on changes to the Personal Data Protection Act.

"It's important that we first recognise that this is a delicate and dynamic balance.

"It's delicate because if we overcorrect in one direction, consumers may not retain their confidence and trust in the system," Mr Iswaran said.

"If we swing the other way, then we shackle our businesses and the very benefits that we seek to create for our consumers, for our economy, will diminish."

A key change in the Bill increases the maximum amount that a company can be fined for a data breach to 10 per cent of its annual turnover in Singapore or $1 million, whichever is higher.

This is no smiley faced robot, but it should make you smile
Singapore

This is no smiley faced robot, but it should make you smile

Related Stories

SafeTravel website crashes due to surge in travel pass applications

5.9 million customers hit by RedDoorz data breach

All government agencies to accept digital ICs from next week

Currently, the maximum a company can be fined for a data breach is $1 million.

Mr Iswaran addressed concerns raised about the higher fines during public consultations prior to the passing of the Bill, as well as by Mr Desmond Choo (Tampines GRC) yesterday.

Mr Choo had said that the revised maximum penalty might "artificially" create the impression that penalties under Singapore's data privacy regime are much harsher than those of the country's neighbours, and cause foreign companies to choose other Asian countries over Singapore to set up operations instead.

Mr Iswaran, however, said the penalties imposed are proportionate to the severity of the breach, adding the raised cap will take effect a year after the amended Act comes into force.

LEGITIMATE INTERESTS

The Bill also allows organisations to collect, use or disclose personal data without the consent of individuals in circumstances classified as "legitimate interests".

Such situations include using personal data to detect anomalies in payment systems to prevent fraud, or the data from security cameras or other Internet of Things devices to help in investigations or legal proceedings.

Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now

Technology