Singapore Data Protection Law Expected to be Introduced in 2012

15 Feb 2011

Singapore’s Minister for Information, Communications and the Arts announced yesterday in Parliament that a new data protection bill will likely be introduced in early 2012.

This follows the conclusion of the Government’s review of Singapore’s data protection regime (first announced in a January 2009 sitting of Parliament). The review concluded that it would be in Singapore’s overall interests to put in place a data protection regime, in order to protect individual’s personal data against unauthorized use and disclosure for profit.

The Minister indicated that this data protection law will target businesses which collect personal data of individuals, particularly those which engage in excessive and unnecessary collection of individuals’ personal data. It is envisaged that obtaining the consent of individuals to disclose their personal information will be a requirement under such proposed law. A Data Protection Council is also expected to be set up to oversee the implementation of the legislation.

The Government has commissioned the Infocomm Development Authority of Singapore (IDA) to undertake further consultation and to work closely with the relevant stakeholders in the public, private and people sectors to address concerns over the proposed data protection law. The proposed legislation is expected to be introduced for consideration by Parliament in early 2012.

The latest move by the Government is expected to be welcomed by the public, particularly in light of growing concerns over breaches of confidentiality of personal information, including the sale of personal contact information of key government officials, and the inadvertent leakage of tens of thousands of personal contacts of graduates from a tertiary institution. Singapore does not presently have a generic, omnibus privacy or data protection law. Instead, the collection and use of personal data are regulated to a certain extent by a patchwork of laws, including (i) the common law, (ii) sector-specific legislation (such as the Banking Act (Cap. 19) and the Computer Misuse Act (Cap. 50A)), and (iii) various self-regulatory or co-regulatory codes.

We will continue to monitor developments in this area, and bring to you any breaking updates.

To read the update, please click here.