Personal Protection Data Act (PDPA) For Events

Home / 2016 / Personal Protection Data Act (PDPA) For Events

Personal Protection Data Act (PDPA) For Events

 

personal data protection act

The personal data protection act (PDPA) was made mandatory in July 2014 to everyone be it a public or an organisation in collecting personal data  of a ‘prospects’. However , many organisation are not familiar or simply ignorant or are careless in requesting for personal details like name, emails, contact nos, address, Identity  numbers without seeking permission from the prospect. Most assume that personal data protection act (PDPA) only covers the contact no like hand phone numbers or residence numbers , where the public is able to register their contact number under Do not disturb registry. Unfortunately , this is not so , the personal protection data act (PDPA)  includes the above mentioned as well.  As an event organizer, I make it a compulsory clause in every registration which we set up for our events for our clients to protect both our clients and ourselves in case a complaint is made.

In this article, I will share more about  the personal protection data act (PDPA) and what does it cover :

  1. Who are Governed by the Personal Data Protection Act ( PDPA) 

    Organisations that collect, use or disclose an individual’s personal data are regulated by the PDPA. and they include:

    (i)  a self-employed consultant

     (ii) corporate;

    (iii) a society or association So long as an organisation handles customers’ and employees’ personal data,

          this covers virtually all businesses in Singapore.

  2. Who is Protected Under the Personal Data Protection Act ( PDPA)

     The  Personal Data Protection Act (PDPA) protects three groups of individuals:

    (i) customers

    (ii) employees; and

    (iii) others (eg company directors).

  3. Who is Not Protected Under the Personal Data Protection Act (PDPA)?

    Data belonging to companies are  not protected under the  Personal Data Protection Act (PDPA)

  4. What Information is Protected Under the Personal Data Protection Act ( PDPA)?

    All “personal data” belonging to an individual is protected  like : full name, NRIC Number, passport number, photographs and CCTV images, personal mobile telephone number, personal e-mail address, name and residential address.

    However, certain information on its own such as: “To the occupant of #15-01, Block 1000A, Marine Parade Road” will not be considered “personal data”. Interestingly, personal data in a business name card belonging to an individual is not protected  by the Personal data protection act ( PDPA)  if it is not used for personal purposes. Hence, if Mr Tan leaves his business name card at a seminar for the purpose of being included in the organiser’s mailing list to attend future similar seminars, his personal data will not be protected under the PDPA.

  5. Whats Does Companies Have To Do  To Comply Under The Personal Data Protection Act (PDPA)?
  •  The organisation must notify the individual of the purpose eg if  an organisation is having a lucky draw, the participants must be informed that the personal data  collected is for the purposes of that lucky draw and may be disclosed to a third party eg sponsor

  • Second, the personal data required must be reasonable eg.  it is wrong for a TV vendor to ask the buyer for his entire family’s personal data.

  • Third, the organisation must not use false, misleading or deceptive means to obtain an individual’s personal data. eg. advertising for jobs that are non-existent to obtain personal data from applicants.

  • An organisation must notify the individual the specified purpose on or before it collects his personal data.

  • A Consent Form should include: the purpose of collecting the personal data, third parties the personal data may be disclosed to, withdrawal of consent, signature etc. In drafting such a form, care must be taken to avoid the use of language that is too vague or general which may invalidate the use of such a form.

  • A sample clause should look like this :

pdpa clause

If your organisation has not commenced including a personal data protection act (PDPA) clause in the event registration form , it is advisable to start practicing it .

In conclusion, i would like to share this slide .

 

personal data protection act

Credit :

Mr SL tan of SL Tan & Co  for the article on law gazette for which the bulk of the legal aspect was taken from.

PWC for the use of this slide for the purpose of educating our reader.

 

Recommended Posts

Leave a Comment

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Start typing and press Enter to search