By Irene Tham, Technology
Correspondent
SINGAPORE'S new Personal Data
Protection Act was more than a decade in the making. So when it was finally
passed in Parliament in October two years ago, the public got excited.
They were especially happy with the national Do-Not-Call (DNC) Registry,
which lets them block telemarketing calls, SMSes and faxes. They could finally
say goodbye to pesky telemarketers.
The Registry went into force on Jan 2 this year and has 595,000 local
numbers - there are about eight million local mobile numbers here.
The Personal Data Protection Commission, which manages the Registry, is
investigating 3,000 complaints that are valid.
While the new law has been welcomed by consumers, does it give them enough
protection in areas of the greatest need?
For sure, it does tackle one key annoyance: unwanted marketing
phonecalls, which have interrupted meetings, disturbed sleep at ungodly hours
and even taxed consumers' wallets - one gets charged for incoming calls while
roaming overseas.
With the new rules, telemarketers who call phone numbers listed in the
Registry risk a fine of up to $10,000 for each offence.
But the protection does not fully extend to phone or fax messages
though.
Some consumers are unhappy over a last-minute exemption that allows
firms to send text and fax messages to existing customers without checking with
the Do-Not-Call Registry. This is as long as customers are given an option to
unsubscribe to the messages via the same channel.
Consumers criticised the Commission for caving in to business pressures
- a charge it denied. They also took issue with the exemption being introduced
without public consultation.
Despite some loud complaints, others say it may be useful to be kept
informed via SMS of promotions and deals from companies.
A credit card user, for instance, may want to be informed by his bank
about promotional tie-ups with retailers. Similarly, a mobile, pay-TV or
broadband subscriber may want his telco to inform him of discounts or freebies
for renewing his subscription.
Said 36-year-old engineer John Wong: "I would like to know if there
is a discount in a bookstore. The channel of passing useful information like
this can be killed by the DNC Registry but the exemption allows for some
flexibility."
In any case, phone messages are deemed less intrusive and less painful
on the pocket, as messages received while roaming overseas are free.
The Registry rules are only one part of the new Act though; other
provisions that deal with the way organisations may collect, use and disclose
personal data kick in only from July 2.
Here, it may be worthy to note that the new Act does not have long arms
to protect the general privacy of individuals.
For instance, owners of buildings such as malls do not need the
individual's consent to record security camera footage - even though the images
are considered personal data. Shopkeepers who take smartphone pictures of
customers for promotional reasons also do not need consent.
The Commission feels that camera phones are now widely available and
their use can be "reasonably expected". So, a notice by shopkeepers
or building owners informing customers that photographs might be taken would
suffice.
Also, government agencies are exempted from the new law. Minister for
Communications and Information Yaacob Ibrahim had said government agencies are
subject to their own set of rules on protecting personal data and these are
sometimes more stringent than the new law - but these rules have not been made
public.
What the Act does cover is the indiscriminate collection of data.
For instance, a 7-Eleven counter employee verifying the age of customers
buying cigarettes or alcohol may record in the computer system only customers'
birth dates - but not other information such as identity card number or name.
In another example, a lucky draw organiser may not be allowed to ask
participants to disclose their household income if the information is not
necessary.
The Act also protects consumers from inappropriate use and disclosure of
their information.
For instance, if the lucky draw organiser wants to disclose the personal
data of contest participants to third parties or use it for marketing -
differing from the original intent - it must get participants' consent.
Failure to do so could mean a breach of the Act. The fine for violating
general data protection provisions goes up to $1 million.
One loophole, though, is that Singapore has no jurisdiction over
overseas companies with no local set-ups. It will need to work with other
countries in this aspect.
Overall, while the law will always play catch-up to theft and misuse,
Singapore's new Personal Data Protection Act is a good start in trying to
protect people's personal data.
And judging by how the Commission has gone after at least three
organisations for violating the new rules, it looks like it is taking the
protection of personal data very seriously indeed.
This is the fifth of 12 primers on various
current affairs issues, published in the run-up to The Straits Times-Ministry
of Education National Current Affairs Quiz.
No comments:
Post a Comment