[ad_1]
SINGAPORE: In the event of a data breach, organizations may soon be fined up to 10 percent of their annual gross turnover, or $ 1 million, whichever is greater, if the proposed amendments to the Data Protection Act are approved Singapore Personnel.
Companies are currently liable for a fine of only $ 1 million, but authorities are seeking stronger deterrents for data breaches.
The stricter sanction will be aligned with the law in other jurisdictions, such as the European Union, said the Ministry of Communications and Information (MCI) and the Personal Data Protection Commission (PDPC) of privacy surveillance in its fourth consultation exercise. public to amend the Law on Thursday (May 14).
The EU General Data Protection Regulation, for example, sets a maximum income-based financial penalty of 4 percent of an entity’s global annual turnover, or € 20 million (S $ 30.7 million), whichever is higher.
The application of potentially higher fines in Singapore is among a list of proposed amendments to the draft Personal Data Protection (Amendment) Act.
Other key proposed amendments on which authorities are inviting feedback include forcing organizations to notify PDPC of a data breach involving 500 or more people, or that may cause harm to affected people, as well as notifying same people affected.
Individuals may also request that a copy of their personal data be transmitted to another organization under a new data portability obligation, so that users can easily switch service providers.
This bill also includes amendments related to the Spam Control Act (SCA), which has been in effect since 2007. The SCA, for example, will be amended to cover commercial text messages sent in bulk to instant messaging accounts, like WhatsApp and Facebook Messenger, to protect users from unsolicited messages.
If an individual discloses personal data in the possession or control of an organization, they will also be guilty of a crime and could be fined up to $ 5,000 or imprisoned for up to two years, or both. Such sanctions will be aligned with internal public sector rules for public officials who mishandle government data.
PDPC Deputy Commissioner Yeong Zee Kin said in a statement that public confidence in the management of their data by organizations is “especially important” when digital services such as electronic commerce are becoming more prevalent. This occurs when the digital economy generates a large amount of data, even in recent weeks, when many activities have moved online, he said.
“The amendments … will support the efforts of our organizations as they transform and grow in the digital economy to better serve consumers,” he added.
The public consultation on the MCI website ends on May 28 at 5 p.m.
[ad_2]