Expert: enforcement of 'Do Not Call' rules may offer clues as to approach of Singapore regulator to enforcing full data protection regime

Out-Law News | 14 Feb 2014 | 3:18 pm | 2 min. read

Businesses in Singapore should note the wave of enforcement action that the country's privacy regulator is currently engaged in and take steps now to ensure their compliance with the new data protection regime, a privacy law expert has said.

Bryan Tan of Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons, the law firm behind Out-Law.com, said that the swift and widespread action the Personal Data Protection Commission (PDPC) is taking in relation to breaches of new rules on marketing communications may be indicative of the approach the regulator takes to enforcing compliance with the full data protection law regime when it kicks in this summer.

Tan said that businesses in Singapore should start thinking about how to meet their obligations under the Personal Data Protection Act (PDPA) if they have not already done so. The Act was introduced into law in Singapore in January 2013 but does not fully come into effect until 2 July 2014. 

The expert was commenting after the PDPC announced that an unspecified number of organisations operating across several sectors in Singapore are currently subject to enforcement action after failing to adhere to new rules governing marketing communications.

It said that organisations across sectors such as private education, property, banking and finance, retail, insurance and telecommunications had breached rules around the operation of a 'Do Not Call' (DNC) Registry in Singapore.

From 2 January businesses operating in Singapore have been generally prohibited from sending marketing messages to individuals whose telephone numbers are included on the new DNC Registry.

Businesses are required to consult the Registry before sending such messages and face fines if they send messages to those who have asked not to be contacted. Only if they have received the "clear and unambiguous consent" of individuals listed on the Registry to the sending of marketing messages is that activity legitimate.

An exemption allows businesses to send either text or fax messages to promote "related products and services" to individuals they have an "ongoing relationship" with, without having to consult the new Registry first, providing those individuals are given the option to unsubscribe.

The PDPC said that it has received 1500 "valid complaints from the public" relating to 580 organisations about the way those organisations had failed to adhere to the DNC rules. It said that it is taking a range of enforcement action against a number of different companies, ranging from pursuing possible prosecution of one organisation to offering fines of between SIN$500 and SIN$1,000 (£238 - £476) to "at least" two more.

It has also issued warning notices to more than 100 other organisations warning them of the risk of prosecution should they continue to breach the rules, and said that it expects to issue further fines and warning in the coming few weeks.

"It is clear that the interest from the public is significant, seeing that the DNC rules came into effect on 2 Jan 2014 and that enforcement action could only be taken for messages after 2 February 2014 – 60 days after the DNC registry could accept listings," Bryan Tan of Pinsent Masons MPillay said. "It is also clear that the regulators are taking a very active role – and organisations would do well to take note should they fall behind in their compliance efforts."

The PDPC said that, in deciding what enforcement action to take in relation to breaches of the DNC rules, it considers factors such as the seriousness of a breach, whether unsolicited marketing communications were sent in isolation or not, the number of complaints received about an organisation and whether or not an organisation cooperates with it after being told to stop sending unsolicited messages.

"The PDPC will not hesitate to take enforcement action against errant organisations," Leong Keng Thai, chairman of the PDPC, said in a statement. "In addition, we will continue to reach out to organisations to ensure that they understand how to comply with the PDPA so that both organisations and consumers will be able to benefit from telemarketing best practices."