Singapore Government
Link to Homepage
Home | About Us | Browse | Advanced Search | Results | My Preferences | FAQ | Help | PLUS
 
Contents  

Long Title

Enacting Formula

Part I PRELIMINARY

Part II PERSONAL DATA PROTECTION COMMISSION AND ADMINISTRATION

Part III GENERAL RULES WITH RESPECT TO PROTECTION OF PERSONAL DATA

Part IV COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

Division 1 — Consent

Division 2 — Purpose

Part V ACCESS TO AND CORRECTION OF PERSONAL DATA

Part VI CARE OF PERSONAL DATA

Part VII ENFORCEMENT OF PARTSĀ III TO VI

Part VIII APPEALS TO DATA PROTECTION APPEAL COMMITTEE, HIGH COURT AND COURT OF APPEAL

Part IX DO NOT CALL REGISTRY

Division 1 — Preliminary

Division 2 — Administration

Division 3 — Specified message to Singapore telephone number

Part X GENERAL

FIRST SCHEDULE Repealed

SECOND SCHEDULE Collection of personal data without consent

THIRD SCHEDULE Use of personal data without consent

FOURTH SCHEDULE Disclosure of personal data without consent

FIFTH SCHEDULE Exceptions from access requirement

SIXTH SCHEDULE Exceptions from correction requirement

SEVENTH SCHEDULE Constitution and proceedings of Data Protection Appeal Panel and Data Protection Appeal Committees

EIGHTH SCHEDULE Exclusion from meaning of "specified message"

NINTH SCHEDULE Powers of investigation of Commission and Inspectors

 
Slider
Left Corner
Print   Link to Viewed VersionLink to In-Force Version
 
On 24/11/2017, you requested the version in force on 24/11/2017 incorporating all amendments published on or before 24/11/2017. The closest version currently available is that of 02/10/2016.
Slider
PART VI
CARE OF PERSONAL DATA
Accuracy of personal data
23.  An organisation shall make a reasonable effort to ensure that personal data collected by or on behalf of the organisation is accurate and complete, if the personal data —
(a)
is likely to be used by the organisation to make a decision that affects the individual to whom the personal data relates; or
(b)
is likely to be disclosed by the organisation to another organisation.
Protection of personal data
24.  An organisation shall protect personal data in its possession or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
Retention of personal data
25.  An organisation shall cease to retain its documents containing personal data, or remove the means by which the personal data can be associated with particular individuals, as soon as it is reasonable to assume that —
(a)
the purpose for which that personal data was collected is no longer being served by retention of the personal data; and
(b)
retention is no longer necessary for legal or business purposes.
Transfer of personal data outside Singapore
26.
—(1)  An organisation shall not transfer any personal data to a country or territory outside Singapore except in accordance with requirements prescribed under this Act to ensure that organisations provide a standard of protection to personal data so transferred that is comparable to the protection under this Act.
(2)  The Commission may, on the application of any organisation, by notice in writing exempt the organisation from any requirement prescribed pursuant to subsection (1) in respect of any transfer of personal data by that organisation.
(3)  An exemption under subsection (2) —
(a)
may be granted subject to such conditions as the Commission may specify in writing; and
(b)
need not be published in the Gazette and may be revoked at any time by the Commission.
(4)  The Commission may at any time add to, vary or revoke any condition imposed under this section.