Singapore Issues New Guidance on Disposing Personal Data

    Aug 10, 2016

    Singapore’s Personal Data Protection Commission (PDPC) issued new guidance on July 20 that seeks to educate organizations on the disposal of physical documents containing personal data, including best practices, examples of common mistakes, and considerations for outsourcing to third parties. The guidance was one of three new initiatives released by PDPC following enforcement decisions taken against organizations in Singapore that reflected the need for increased awareness about data security and data protection measures.

    “The connectivity we have today, especially with Big Data and the Internet of Things, has brought great benefits to both industry and consumers,” stated PDPC Chairman Leong Keng Thai in a press release. “This, however, has to occur in an environment of trust – involving the responsible collection, use and sharing of data.”

    According to the guidance, organizations should put in place documented policies and corresponding processes and procedures to protect data and retention schedules that define the retention limitations for data held and controlled by the organization.

    “Organizations need to be aware that untimely or unauthorized disposal of personal data (whether by the organization or a contracted third party) are important factors to consider beyond the methods applied during disposal, because they pose additional risks for the organization,” the guidance states.

    The online Global Policy Brief is intended to help you stay current on international news and events. Further information about the issue is accessed by clicking on the link provided at the end of each summary.

    Want to sign up to receive an email version of the Global Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.

    © 2017, ARMA International