Singapore

March 2017

Company Liable For Director’s Actions In Corporate Chat Room

A senior member of Executive Coach International shared personal views about an ex-employee, in a company sponsored WhatsApp chat room. The PDPC found the comments constituted an unauthorized use and disclosure of personal information (used without consent), for the purposes of discrediting the ex-employee (who departed on ‘unamicable’ terms).

Executive Coach stated the director was acting in a personal capacity, and it neither approved, nor had any knowledge of the director’s actions. The PDPC found that although the dispute may have been personal, the context of the exchange was an ongoing dispute between an employer and its ex-employee, thus the organization was liable.

Given the extenuating circumstances (not a public chat room, the individual actions of the director), the PDPC decided to formally warn Executive Coach, but not issue a fine.
https://www.pdpc.gov.sg/docs/default-source/enforcement-data-protection-cases/grounds-of-decision—executive-coach-international—210317.pdf?sfvrsn=2
jbho: a reminder that mum is always the word when it comes to former employees. Interesting that this was addresses as a privacy matter as opposed to an employment or disparagement matter. Fascinating to watch this nascent privacy regime mature (and quite quickly at that!)

Also a reminder that if you are going to sponsor social channels for employees, you should have some clear guidelines on how to use.

 

Updated Guidance On Anonymization And Health Care Reminders

The PDPC has updated Anonymization guidelines (chapter 3) of its Advisory Guidelines On The Personal Data Protection Act For Selected Topics. Updates include more detailed examples for acceptable use and disclosure of anonymized data, as well as additional guidance on assessing the risk of re-identification.
https://www.pdpc.gov.sg/docs/default-source/advisory-guidelines—selected-topics/final-advisory-guidelines-on-pdpa-for-selected-topics-(28-march-2017).pdf?sfvrsn=2

The PDPC has also updated its Advisory Guidelines for the Healthcare Sector, and added examples of how and when it’s okay to send appointment or other service reminders by phone or text message.
https://www.pdpc.gov.sg/docs/default-source/public-consultation-4—education-healthcare-social-services-photography-submissions/advisory-guidelines-for-the-healthcare-sector-(28-mar-2017).pdf?sfvrsn=2
jbho: I don’t see any material changes, but the examples are good. The PDPC continues to publish some of the best guidance that’s out there.

 

January 2017

PDPC Updates Guidance On Security, Disposal, And Website Design

The PDPC has published revisions to three security guides:
Guide to Securing Personal Data in Electronic Medium
Guide to Disposal of Personal Data on Physical Medium
Guide on Building Websites for SMEs
The updates add examples illustrating good information handling practices under the PDPA, including using out-of-the-box and 3rd-party software, as well as how to configure software features when handling personal information.

The PDPC also added a new Guide to Preventing Accidental Disclosure When Processing and Sending Personal Data to help prevent breaches, as well as:
• Preventing personal information from being sent to wrong recipients
• Minimizing the risk and impact of accidental disclosures to wrong recipients
• Understanding Lessons Learned from case studies
• Using checklists to implement best practices
https://www.pdpc.gov.sg/legislation-and-guidelines/advisory-guidelines/other-guides
jbho: the PDPC puts out some great materials, and are worth the read if securing data falls under your remit.

 

September 2016

New TV Series on Personal Data Protection

The PDPC has launched a TV Show to introduce personal data protection topics to general audiences.
https://www.pdpc.gov.sg/news/latest-updates/page/0/year/2016/month/All/new-tv-series-on-personal-data-protection
jbho: Talk about government support for privacy!

 

August 2016

PDPC Updates Guidance On Consent

The Personal Data Protection Commission (PDPC) recently updated guidance on Consent and Do Not Call provisions (revised on 15 July 2016).

Chapter 12 has been revised to provide further clarity on the withdrawal of consent requirements, including how organisations are to facilitate and effect withdrawal of consent requests.
https://www.pdpc.gov.sg/docs/default-source/advisory-guidelines/key-concepts—chapter-12-(150716).pdf?sfvrsn=2

The section on Do Not Call Provisions in the Advisory Guidelines on Key Concepts has been incorporated into the Advisory Guidelines on the Do Not Call Provisions.
https://www.pdpc.gov.sg/docs/default-source/advisory-guidelines—dnc/advisory-guidelines-on-the-dnc-provisions-(15july16).pdf?sfvrsn=2
jbho: just in case you are following this

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s