Singapore Government
Link to Homepage
Home | About Us | Browse | Advanced Search | Results | My Preferences | FAQ | Help | SSO Enhancements
 
Contents  

Long Title

Enacting Formula

Part I PRELIMINARY

Part II PERSONAL DATA PROTECTION COMMISSION AND ADMINISTRATION

Part III GENERAL RULES WITH RESPECT TO PROTECTION OF PERSONAL DATA

Part IV COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

Division 1 — Consent

Division 2 — Purpose

Part V ACCESS TO AND CORRECTION OF PERSONAL DATA

Part VI CARE OF PERSONAL DATA

Part VII ENFORCEMENT OF PARTSĀ III TO VI

Part VIII APPEALS TO DATA PROTECTION APPEAL COMMITTEE, HIGH COURT AND COURT OF APPEAL

Part IX DO NOT CALL REGISTRY

Division 1 — Preliminary

Division 2 — Administration

Division 3 — Specified message to Singapore telephone number

Part X GENERAL

FIRST SCHEDULE Repealed

SECOND SCHEDULE Collection of personal data without consent

THIRD SCHEDULE Use of personal data without consent

FOURTH SCHEDULE Disclosure of personal data without consent

FIFTH SCHEDULE Exceptions from access requirement

SIXTH SCHEDULE Exceptions from correction requirement

SEVENTH SCHEDULE Constitution and proceedings of Data Protection Appeal Panel and Data Protection Appeal Committees

EIGHTH SCHEDULE Exclusion from meaning of "specified message"

NINTH SCHEDULE Powers of investigation of Commission and Inspectors

 
Slider
Left Corner
Print   Link to Viewed VersionLink to In-Force Version
 
On 30/03/2017, you requested the version in force on 30/03/2017 incorporating all amendments published on or before 30/03/2017. The closest version currently available is that of 02/10/2016.
Slider
PART V
ACCESS TO AND CORRECTION OF
PERSONAL DATA
Access to personal data
21.
—(1)  Subject to subsections (2), (3) and (4), on request of an individual, an organisation shall, as soon as reasonably possible, provide the individual with —
(a)
personal data about the individual that is in the possession or under the control of the organisation; and
(b)
information about the ways in which the personal data referred to in paragraph (a) has been or may have been used or disclosed by the organisation within a year before the date of the request.
(2)  An organisation is not required to provide an individual with the individual’s personal data or other information under subsection (1) in respect of the matters specified in the Fifth Schedule.
(3)  An organisation shall not provide an individual with the individual’s personal data or other information under subsection (1) if the provision of that personal data or other information, as the case may be, could reasonably be expected to —
(a)
threaten the safety or physical or mental health of an individual other than the individual who made the request;
(b)
cause immediate or grave harm to the safety or to the physical or mental health of the individual who made the request;
(c)
reveal personal data about another individual;
(d)
reveal the identity of an individual who has provided personal data about another individual and the individual providing the personal data does not consent to the disclosure of his identity; or
(e)
be contrary to the national interest.
(4)  An organisation shall not inform any individual under subsection (1) that it has disclosed personal data to a prescribed law enforcement agency if the disclosure was made without the consent of the individual pursuant to paragraph 1(f) or (n) of the Fourth Schedule or under any other written law.
(5)  If an organisation is able to provide the individual with the individual’s personal data and other information requested under subsection (1) without the personal data or other information excluded under subsections (2), (3) and (4), the organisation shall provide the individual with access to the personal data and other information without the personal data or other information excluded under subsections (2), (3) and (4).
Correction of personal data
22.
—(1)  An individual may request an organisation to correct an error or omission in the personal data about the individual that is in the possession or under the control of the organisation.
(2)  Unless the organisation is satisfied on reasonable grounds that a correction should not be made, the organisation shall —
(a)
correct the personal data as soon as practicable; and
(b)
subject to subsection (3), send the corrected personal data to every other organisation to which the personal data was disclosed by the organisation within a year before the date the correction was made, unless that other organisation does not need the corrected personal data for any legal or business purpose.
(3)  An organisation (not being a credit bureau) may, if the individual consents, send the corrected personal data only to specific organisations to which the personal data was disclosed by the organisation within a year before the date the correction was made.
(4)  When an organisation is notified under subsection (2)(b) or (3) of a correction of personal data, the organisation shall correct the personal data in its possession or under its control unless the organisation is satisfied on reasonable grounds that the correction should not be made.
(5)  If no correction is made under subsection (2)(a) or (4), the organisation shall annotate the personal data in its possession or under its control with the correction that was requested but not made.
(6)  Nothing in this section shall require an organisation to correct or otherwise alter an opinion, including a professional or an expert opinion.
(7)  An organisation is not required to comply with this section in respect of the matters specified in the Sixth Schedule.