Hansard, 19 January 2009


24. Er Lee Bee Wah asked the Minister for Information, Communications and the Arts (a) whether his Ministry will consider introducing a comprehensive privacy law to protect the privacy of individuals and their personal data; and (b) what are the existing laws in place to protect (i) people from spam mails and unauthorised sale of personal information to vendors; and (ii) people whose photographs are posted on blogs and other new media platforms without authorisation.

Dr Lee Boon Yang:

The Government recognises the importance of data protection and the need to protect personal data. At the same time, we also appreciate the impact of data protection on businesses and the general public.

I had previously informed the House that an Inter-Ministry Committee is reviewing Singapore’s data protection regime. This review is on-going. We are currently looking into developing a data protection model that can best address Singapore’s privacy concerns, commercial requirements and national interest. As data protection is a complex issue with extensive impact on all stakeholders, this review will take some time.

Unauthorised use of personal data

While there is currently no generic data protection law, it does not mean that there is no protection of personal data. In fact we have in place strict provisions in sectoral laws, such as the Banking Act and codes for medical professionals to protect sensitive financial and health information. There are also other industry codes of practices against the unauthorised use of personal information. For example, in the telecommunications sector, under the Telecom Competition Code, IDA requires licensees to take reasonable measures to prevent the unauthorised use of End User Service Information. A telecom licensee would be in breach of the Code if it shares with third parties its customers’ information that was obtained from the use of its service, without the customers’ consent.

In addition to sectoral laws, there is a Model Data Protection Code introduced in 2002 for voluntary adoption by the private sector. The principles of this Code have been adopted by many companies, including those engaged in e-commerce under the TrustSg initiative.

The Government also takes data protection within the public sector seriously. We have structured our data protection policy after the Model Data Protection Code and this has been incorporated in the Government Instruction Manuals for the public service.

Unauthorised photographs in blogs/new media platforms

In the case of individuals who discover that their pictures have been posted by other individuals on new media platforms such as blogs, without prior consent, it would be considered a civil matter. The aggrieved persons could first ask the site’s webmaster to remove the pictures. As with matters relating to online libel and personal defamation, they could also seek professional legal advice to determine the most appropriate legal recourse.

Protections from spam

The Member has also asked how consumers are protected from spam mails. The Spam Control Act was passed in Parliament on 12th April 2007. It sets out basic requirements for legitimate direct electronic mass marketing, and provides civil recourse for persons affected by illegal spam in Singapore.

What this translates to, in practical terms, is that each unsolicited, commercial, electronic message which is sent in bulk, is required to contain an label to mark it out as an advertisement. It is also mandatory for senders to allow recipients to unsubscribe via the same medium through which the message was received. In addition, there are restrictions on how marketers can gather their mailing lists. Civil remedies are available to aggrieved persons who have suffered loss or damage as a result of spam sent in contravention of the Spam Control Act.

Data Protection in Singapore https://stngiam.wordpress.com http://www.ngiam.net (Dormant)