PDPA otherwise known as the Personal Data Protection Act was introduced to Singapore on December 7, 2012 with hopes of the Act becoming a fully functional law by July 2, 2014. Generally, the Act presents a typical data protection law that will govern the collection, use and disclosure of one’s personal information by businesses in Singapore. The Personal Data Protection Commission informally referred to as the ‘Commission’ was formed to administrate and enforce the legislation under the Act.
The Commission sent on an Advisory Guideline Document (informally referred to as the ‘Guidelines’) on September 24, 2013 that was to practically explain further how personal information should be used by organizations in order to still in line of the regulations of the Act. It was recommended that in order to ensure that these guidelines are followed, organizations should consider implementing the policies as company policies and a lose host training seminars in frequent intervals. This will not only raise awareness but also keep your company in line with the law.
Proper Use of Personal Data within Business
Under the PDPA companies will now be obligated to clearly inform individuals exactly why they need to collect their personal information as well as how it will be used and who will be privy to this information. Following this, companies must obtain individual consent before they can move forward. Even with this consent, however, consumers will all be given the opportunity to register their contact information on a special Do – Not – Call (DNC) Registry that will allow them the right not to be contacted on their Singapore telephone numbers. Registration for this began December 2, 2013 on the Commission’s website.
How Does all this Affect say An Events Agency?
The Act clearly speaks about specific exceptions to the need of getting an individual’s consent. This comes into play even more when that information will be publicly available. Based on the guidelines most, if not all, companies in the events management sector including photography agencies who take photographs of individuals in public, print media, telephone directories and websites that offers personal data to the public (including social networking websites) will need re analyze their polices to reflect these guidelines.
So if you run an events company and you are planning an event in which you will be required to collect personal data, say a seminar where you will be creating a register or maybe capturing telephone number and email addresses. According to the PDPA you will be required to obtain the permission of all your guests and explain to them clearly why you you are capturing the information , what it will be used to do, where it will be stored and to whom it would be readily available to. If your event management team hires a photographer to take pictures of the event, the same rules apply. Whether or not you capture an individual, with their knowledge or just take random candid photographs you will be obligated to inform your patrons that you have taken their photograph, why you need it, how it will be used, where it will be used and who will be granted access to it.
Failure to comply with these regulations will result in severe penalties for your events agency.
Preventing of Liability
Preventing liability of your events agency or on your events management team is extremely vital as due to the Act the Commission has been given the power give out administrative fines that can be as high as S$1 million. There are also criminal sanctions and fines that under the Act that can extend up to S$100,000 in addition to 12 months imprisonment if convicted.
Your organization will be responsible for any breaches of the legislation whether it was done by you, the owner, or one of your employees as long as the breach was done in the terms of their employment. This comes into play whether the employer or members of the event management team were aware of the breach or not.
However, if it can be proven that your organization took necessary steps in an attempt to prevent the said employee from carrying out the illegal act or committing the offense then the Guidance gives your organization leverage as you will not be liable for your employee’s action. IT is due to this clause that the Guidance advises companies including event agency owners to implement company policies that will in line with the regulations laid out in the Act so as to guide your employees on the path of compliance.