Personal Data Protection Commission (PDPC)

Do you diligently monitor and assess your organisation’s personal data protection policies and practices to ensure compliance with the Personal Data Protection Act (PDPA) and conduct audits to address any identified gaps? If so, you may be a Data Protection (DP) Executive! Continue reading to explore the core competencies and key responsibilities that define the role of a DP Executive. We recognise that many data protection professionals are balancing multiple responsibilities within their roles. To support you in navigating this complex landscape, we want to help with providing you with relevant resources and targeted training opportunities. Stay tuned to our page for more updates on specialised training programs designed to enhance your expertise and advance your data protection capabilities. #PDPCSingapore #PDPA

Inadequate enforcement and formulation of password policies, failure to stipulate clear security responsibilities in contracts with vendors and lack of ICT policies to cover critical aspects in IT security were investigated in the latest Commission’s Decision cases. 🔍 Here’s an overview: - 1 organisation was found to have breached the Protection and Accountability Obligations. - A financial penalty was imposed and directions were issued to the organisation. - 3 organisations have provided voluntary undertakings to the PDPC. Learn more about what happened, ways that organisations could have prevented these incidents and remediation actions taken in the quick summary below. 🔗 For the full case facts, visit https://lnkd.in/diYF3beu (In determining on whether to impose a financial penalty, and if so, the amount of any such financial penalties, the PDPC will deliberate over the factors listed in section 48J and 48J(6) of the PDPA respectively. Each case is decided on its specific facts and circumstances as listed at Section 48J(6) of the PDPA.)

📣Join the IMDA Solid PODS Hackathon, and win up to $8,000! We’re calling on innovators and problem-solvers to participate in the IMDA Solid PODS Hackathon, in collaboration with the Singapore Academy of Law’s TechLaw.Fest. This is your chance to shape the future of data management. An emerging, cutting-edge tech – Solid Personal Online Data Stores (PODS) – can allow individuals to easily find control over their data and enhance personalisation in services. Participants in the hackathon will get to attend workshops for team formation and networking opportunities, and even hear from experts on Solid PODS. Participants are welcome to apply as a team of up to 5 members or as solo participants. Participation is entirely free, and all participants will get to receive complimentary trade passes to TechLaw.Fest 2024. 🔗 Register now at https://lnkd.in/gvrgsUNY or share your questions with us at <Data_Innovation@imda.gov.sg>.

Failures in deleting unnecessary personal data, weak processes for software updates, inadequate access control to personal data, and unclear data protection requirements in IT vendor contracts were investigated in the latest Commission’s Decision cases. 🔍 Here’s an overview: - 2 organisations were found to have breached the Protection Obligation. - Financial penalties were imposed on both organisations and directions were issued to one of them. - 10 organisations have provided voluntary undertakings to the PDPC. Learn more about what happened, ways that organisations could have prevented these incidents and remediation actions taken in the quick summary below. 🔗 For the full case facts, visit https://lnkd.in/grcU75aG (In determining on whether to impose a financial penalty, and if so, the amount of any such financial penalties, the PDPC will deliberate over the factors listed in section 48J and 48J(6) of the PDPA respectively. Each case is decided on its specific facts and circumstances as listed at Section 48J(6) of the PDPA.) #PDPCSingapore #PDPA

Thank you to everyone who participated in #PDPWeek2024! Your support was pivotal in making the event a tremendous success! As #PDPWeek2024 comes to a successful end, we extend our heartfelt appreciation and thanks to all our guests, speakers, industry partners, and regulators from around the world who joined us this week to explore the potential of trusted data in driving innovation: OpenAI, Accenture, Singapore Academy of Law, Microsoft, Mastercard, Workday, IMDA and many more. It was also our pleasure to host PET Summit APAC at #PDPWeek2024 for the first time, and partner IAPP - International Association of Privacy Professionals and OECD - OCDE to establish platforms to further conversations around privacy, technologies and cross border flows. As shared by the Minister for Digital Development and Information, Mrs Josephine Teo, while each country has to develop its own regulatory approach, tailored to its specific need, international cooperation is essential to truly harness the potential of the digital economy in an increasingly interconnected world. Such collaborations will enhance the competitiveness of our economies while ensuring a secure and inclusive global digital ecosystem. We look forward to seeing the practical strategies and valuable insights from this week translate into ideas and solutions that empower innovation with trusted data. Through collaboration, we aim to achieve Singapore’s dual objectives of data protection and risk mitigation while fostering market innovation. See you next year at PDP Week 2025! #PDPCSingapore #PDPA

We're more than midway into #PDPWeek2024! We kicked off Day 3 with the IAPP - International Association of Privacy Professionals Asia Privacy Forum 2024 happening right here in Singapore. It was an insightful morning, starting with a keynote address by PDPC Deputy Commissioner Denise Wong, and followed by a panel discussion featuring distinguished ASEAN regulators Leandro Angelo Aguirre, Vikash Chourasia, Thienchai na Nakorn, Denise Wong, and moderated by Lanx Goh, Global Head of Privacy at Prudential. The subsequent panel discussions convened industry experts including Charmian Aw, Darren Grayson Chng, Josh Lee Kok Thong, Wei Loong Siow, Bojana Bellamy, Derek Ho, William Malcolm, Benjamin Moore, and Adeline Tung. They examined topics of data sovereignty and cross border data transfers amidst maturing governance structure across the vast and diverse Asia continent, as well as ways to address existing challenges relating to the uptake of PETs and what could be done to incentivise their adoption. Key takeaways from today's #APF24 include: - Companies and regulators can leverage the AI Verify Foundation to harness the collective power of the global open source community for developing AI testing tools, boosting AI testing capabilities, and ensuring responsible AI use. - For organisations interested in Generative AI, there is Project Moonshot, an easy-to-use Gen AI testing toolkit, to address safety and security challenges associated with large language models (LLMs). - The ASEAN Data Management Framework and the ASEAN Model Contractual Clauses serve as the foundation of data governance practices, ensuring robust data protection and facilitating seamless data flow across borders within the ASEAN region. These frameworks can help businesses comply with data protection regulations while fostering trust and cooperation among ASEAN member states. The third day was filled with valuable insights on diverse data protection laws and regulations across Asia, global privacy trends, and the ways countries are strengthening security measures to safeguard personal data in an increasingly digital world. We look forward to more discussions and networking on the last day of #PDPWeek2024 tomorrow! See you there!

Day 3 of #PDPWeek2024 is marked by the IAPP - International Association of Privacy Professionals Asia Privacy Forum 2024, Asia’s premier event in privacy. The opening session was led by Denise Wong , Deputy Commissioner of PDPC. Her insightful address focused on fostering innovation and trust through the advancement of progressive data governance. In our interconnected world, powered by advancing digital technologies, #AI has become essential for many organisations. Deputy Commissioner Denise Wong shared on Singapore's approach in adopting pragmatic approach to leverage technologies responsibly and safely. It is important that in such a complex and rapidly evolving environment, that we place a renewed emphasis on trust as a cornerstone of the work we do. With all the ASEAN regulators in one space, she also touched on how ASEAN regulators have come together, in as early as 2016, to develop data management frameworks to facilitate data transfers in the region. In recent months, ASEAN regulators have also developed the ASEAN Guide on AI Governance and Ethics serving as the first common standard in the region that provides guidance on implementing trustworthy AI in ASEAN. Singapore has also renewed our Memorandum of Intent with IAPP - International Association of Privacy Professionals as part of a long-standing partnership, which will allow Singapore to continue to host the Asia Privacy Forum for the next three years. The forum will be a pivotal platform for both the local data protection community in Singapore as well as the communities in the ASEAN region to participate in global discourse on data and AI. #PDPCSingapore #PDPA

We're on Day 2 of #PDPWeek2024 and diving deep into the realm of Privacy-Enhancing Technologies (PETs) with PET Summit APAC 2024! Check out what went down today: We were thrilled to host subject experts during the dynamic panel sessions including Denise Wong, Derek Ho, William Malcolm, Anne Joséphine Flanagan, MBA, Arun M, Dr. Duan Pu, Nina Liguda, April Chin, Christian Reimsbach Kounatze, Manprit Singh, Mark Medum Bundgaard, Anubhav Nayyar, Zheng Leong Chua, and Jesse Schrater as they explored the transformative potential of PETs in the digital economy. Here's some key takeaways we heard: • PETs balance data use and privacy protection, enabling compliance for cross-border data flows and fostering secure data sharing. • A combination of PET techniques is essential to address complex real-world problems, enhancing new products and solutions. • There is no silver bullet; identify the problem, understand each PET to select the right one, and incorporate the correct combination and collaboration to approach the issue. • Input defines the output; consider at which stage of the lifecycle PETs are applied and understand the trade-offs. • Focus on understanding the business well to choose the right PET, as PETs de-risk and reduce risk, rather than merely solving problems. The day was packed with invaluable insights and collaborative discussions, emphasising the importance of PETs in driving innovation with trust across industries. We hope all participants left with meaningful takeaways to help propel their businesses forward in the digital economy. Stay tuned for more updates as we continue to bring you exciting announcements from #PDPWeek2024! #PDPCSingapore #PDPA

Day 2 of #PDPWeek2024 was marked by the commencement of the Privacy-Enhancing Technology (PET) Summit Asia-Pacific 2024 with IMDA Chief Executive, Chuen Hong Lew, setting the stage with an opening address, sharing his views on the transformative potential of PETs in unlocking the full value of data while ensuring the protection of personal and commercially sensitive information. Sharing some use cases from the IMDA PET Sandbox, he explained how some businesses have already benefitted through the use of PETs. Banks are leveraging automated systems for data classification and obfuscation to comply with banking laws, avoid suspicion, and expedite #AI model training. Privacy-enhancing AI such as federated learning is also being used to improve the accuracy of customer response predictions and increase its customer engagement with its digital wallet function and their rewards programme. Despite the current hype around #GenAI, he stressed the importance of investing in foundational tools for long-term benefits. Effective management of confidential data involves the use of synthetic data and PETs. Expansion of the PET Sandbox, as announced by Minister Josephine Teo yesterday, can help to unlock more data for generative AI use cases, and address confidential data related risks largely across input and output data. We warmly invite industry to propose use cases for collaboration under this expansion. 🔗 For more information, visit https://lnkd.in/grEuN8fx #PDPCSingapore #PDPA

With PDP Seminar kickstarting the day, it was our pleasure to host a distinguished panel of experts at our first discussion with Shameek Kundu, Jessica G Lee, Irene Liu, Jason Tamara Widjaja and PDPC Deputy Commissioner Denise Wong, as they discussed risks, challenges, and strategies to navigate today's complex intersection between data protection and #AI. In our second panel discussion, industry leaders including Zee Kin Yeong, Derek Ho, Amos Tan, Barbara Cosgrove and Chris Ng explored the necessary tools, proficiencies and data-driven mindset Data Protection Officers (DPOs) in today's digital landscape should possess to go beyond defending, but architecting design and implementation of systems and processes to ensure compliance with data protection regulations. Here's some of today’s key takeaways: - When it comes to developing robust and representative machine learning models, training datasets should be diverse and broad, at times crossing geographic boundaries, language or cultures, in order to ensure diversity of knowledge. - Layers of safeguards need to be built in at every stage including training, development, and deployment to ensure data protection. - DPOs should be an enabler and pick up tangential and closely aligned skills like vendor management to contribute positively to a multi-disciplinary team and to help their organisation achieve their business objectives. - Singapore's regulatory stance is one of learning, early engagement and real conversations, sharing what we care about and co-creating with industries, to ensure both vertical and horizontal collaboration with stakeholders across various sectors. Following the flagship PDP Seminar, there was also a series of workshops conducted by conducted by Cybersecurity and Data Protection Committee, The Law Society of Singapore, AsiaDPO, IMDA, Microsoft and Future of Privacy Forum, ending Day 1 of #PDPWeek2024 with invaluable learnings and hands-on experience for participants. They developed a stronger understanding of how to balance compliance with innovation by operationalising the ASEAN Model Contractual Clauses (MCCs) and EU Standard Contractual Clauses (SCCs), leverage Privacy-Enhancing Technologies to support safe data use and deploying safe yet versatile GenAI solutions in their businesses. Stay tuned to more updates as we will share exciting announcements from the PET Summit APAC and IAPP Asia Privacy Forum. #PDPCSingapore #PDPA