The Personal Data Protection Commission (PDPC) has introduced three new initiatives to facilitate the movement and use of data to support innovation.
These measures also aim to strengthen accountability among organisations, according to a press release by PDPC on Wednesday, May 22.
"The trusted use of data is the foundation of a strong digital economy, especially given the increased volume of personal data generated through customer activities and used to enhance products and services," said PDPC.
The current regulatory approach focused on compliance. A nimble and forward-looking regulatory approach to data protection will provide an environment to build trust and facilitate innovation, said the Commission.
However, organisations must shift from compliance to accountability in the management of personal data. This includes taking responsibility for how organisations use data collected from individuals, and proactively putting in place measures to safeguard such data.
The first initiative is PDPC's third public consultation under the ongoing review of the PDPA.
This builds on the data portability discussion paper launched in February 2019. The proposed data portability provision will provide individuals with greater control over their personal data and enable greater access to more data by organisations to facilitate data flows and increase innovation, Meanwhile, the proposed data innovation provision makes it clear that organisations can use data for appropriate business purposes without individuals’ consent.
Collectively, the proposals provide a balanced regulatory approach to empower consumer choice and support innovation in a Digital Economy, PDPC said.
Secondly, PDPC introduced its new guide to Active Enforcement. It articulates PDPC's approach in deploying its regulatory powers to act efficiently and effectively when dealing with data breaches to safeguard the public interest. The new expedited decision process is aimed at bringing investigations on clear-cut data breaches to a conclusion quickly.
Lastly, the PDPC has also updated its existing guide to better support organisations in managing data breaches effectively. Under the Guide to Managing Data Breaches 2.0, organisations should have in place monitoring measures to provide early detection and warning for possible data breaches, and a data breach management plan for reporting and assessing a data breach.
These were announced by Deputy Commissioner of PDPC, Mr Yeong Zee Kin at the “Know Ahead to Stay Ahead – Leadership’s Engagement in Data Protection” session.
The event is co-organised by the PDPC and Singapore Business Federation, and supported by the Law Society of Singapore. It was held as part of Singapore’s week-long Privacy Awareness Week, a global initiative by the Asia Pacific Privacy Authorities.
“Data is a key enabler of digital transformation, but a balance must be achieved between data protection and business innovation," said Mr Yeong.
Therefore, firm steps are being taken to position Singapore as a trusted data hub in the global digital economy – by seeking feedback on the proposed data portability and innovation provisions, as well as test bedding data breach notification measures.
"The PDPC also recognises the importance of being responsive and agile in enforcing data protection in an environment of fast-evolving data use, coupled with sweeping technological advances," Mr Yeong added.