Personal Data Protection Act (PDPA)
The purpose of the Personal Data Protection Act (PDPA) is
to govern the collection, use and disclosure of personal data by organizations
in a manner that recognizes both the right of individuals to protect their
personal data, and the need of organizations to collect, use or disclose
personal data for purposes that a reasonable person would consider appropriate
in the circumstances.
PERSONAL DATA refers to data, whether true or not, about
an individual who can be identified from that data; or from that data and
other information to which the organization has or is likely to have access.
This includes unique identifiers (e.g. NRIC number, passport number),
as well as any set of data (e.g. name, age, address, telephone number,
occupation, etc.) which when taken together would be able to identify the
individual.
Researchers should note that the scope of PDPA only applies to identifiable
data. The PDPA does not apply to data that is used in anonymized form.
The PDPA takes into account the following concepts:
-
Consent – organizations may collect, use or disclose personal data only with the individual's knowledge and consent (with some exceptions);
-
Purpose – organizations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and
-
Reasonableness – organizations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.
References and Further Reading
For more information on the Personal Data Protection Act, please refer to the following websites:
-
Singapore Statutes Online, available at https://sso.agc.gov.sg/Act/PDPA2012
-
Personal Data Protection Commission Singapore, available at https://www.pdpc.gov.sg/legislation-and-guidelines/overview
NHG Data Protection Offices
Download the List of NHG DPOs and DP Offices here. (Restricted: NHG Intranet access required)