Personal Data Protection Bill

Some information regarding the proposed Personal Data Protection Bill 2012 (Singapore):

  • Covers the regulation pertaining to the collection, use, disclosure, transfer & security of personal data.
  • The PDP Bill consultation paper found here
  • The proposed PDP Bill found here
  • The Model Data Protection Code for the Private Sector found here
  • A subsequent report of the above-mentioned Model Code by the NIAC found here

The PDP bill interprets “personal data” to refer to data, whether true or not, about an individual who can be identified:

  1. from that data; or
  2. from that data and other information to which the organisation is likely to have access.

The bill does not add further clarity to the definition of “personal data”, and a prescriptive list of personal data will not be provided. Fortunately, the definition was largely adapted from the Model Code, which provided certain implementation and operational guidelines with specific examples.

An excerpt from the Model Code follows:

Persons are identifiable not only by their names but also by their pictures, their telephone numbers, or by some special identification number (e.g. NRIC and Passport numbers), etc.

"Personal data" may include an individual’s:

  • name, age, weight, height
  • NRIC/FIN number
  • medical records
  • income, purchases and spending habits
  • race, ethnic origin and colour
  • blood type, DNA code, fingerprints
  • marital status and religion
  • education
  • home address and phone number

While such data taken separately may not identify a person, a conjunction of a number of such data could be sufficient to identify an individual.

For those who are not legally trained (including myself), this should give some idea of the types of information that need to be protected under the proposed bill.
