Changes to the Personal Data Protection Act (PDPA) were passed in Parliament in November 2020. These include mandatory data breach reporting, changes to the use of consent for users, data portability right of consumers and increased penalties for offences in the Act amongst others.
Under the PDPA's "exceptions to the consent requirement", organisations can now use, collect or disclose data for legitimate interests, business improvement and research and development. This includes fraud prevention, improving products and services or conduct market research to understand current and future customers. These greatly expanded the range of situations to use your customers' personal data.
The Personal Data Protection Commission (PDPC) investigated 185 cases involving data breaches and issued 58 decisions in 2019. It ordered 39 organisations to pay SG$1.7 million in penalties, including fining two entities for SG$750,000 and SG$250,000, respectively.
The number of organisations breaching Singapore’s PDPA include finance (14 per cent), retail (14 per cent), volunteer welfare organisations (10 per cent), professional services (9 per cent), and food and beverage (9 per cent). Untrained employees, inadequate security controls and weak passwords were among the top 10 common causes of PDPA breaches.
This practical and timely workshop will assist HR professionals, auditors, information security professionals, nominated data protection officers and the like to navigate the new requirements . The workshop will also be useful to marketing professionals looking to increase their market size and depth especially those companies engaged in electronic commerce.
Participants will be engaged in a hands-on exercise on updating their company’s policies for the above changes.
K. K. Lim
Head, Cybersecurity, Privacy and Data Protection
Eversheds Harry Elias LLP
A well-recognised figure in the information security and legal technology fraternity, KK is often invited to speak on technology law, risk compliance and cybersecurity and data protection in conferences and forums. Prior to being called to the Singapore Bar, KK worked for both the public and private sectors such as the Singapore Government, PLCs listed in Singapore and New York in the fields of technology policy, market research and information security consulting and data privacy including being the Chief Privacy Officer (APAC) for a global healthcare research company.
KK has also published in Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP) and the inaugural chapter contributor to Global Privacy & Security Law, a publication of Wolters Kluwer.
KK holds a Bachelor of Arts in Government and Psychology (University of Texas at Austin), a Bachelor of Laws (Monash University), a Master of Laws (National University of Singapore), a Specialist Diploma in Information Systems Security (Temasek Polytechnic) and is a Certified Information Security Manager (CISM). He is a co - founding member of The Association of Information Security Professionals (AiSP)(Singapore) as well as its former Secretary.
In addition to being the current Chair of the Cybersecurity and Data Protection Committee of The Law Society of Singapore, KK is also a Consultant with the Institute of Systems Science (ISS), National University of Singapore and an Adjunct Faculty Member of the Singapore Institute of Technology.