Singapore courts hand down fines for first prosecutions under ‘do not call’ rules

Out-Law News | 29 Aug 2014 | 10:58 am | 1 min. read

A Singapore tuition agency and its director have become the first to be prosecuted and fined under the country’s Personal Data Protection Act (PDPA), which came into force on 2 January 2014.

Star Zest Home Tuition, and its director, Law Han Wei, were each fined 39,000 Singapore dollars (SGD) ($31,000) by the State Courts on 27 August after pleading guilty to 13 of 27 charges of flouting ‘do not call’ (DNC) registry rules.

The DNC was established to allow consumers to register and block unsolicited marketing calls, mobile phone text messages and faxes. The registry has about 600,000 registered numbers to date.

The courts heard that the agency and its director sent messages to mobile subscribers to market the services of its tutors between 3 and 14 January without first checking with the DNC. Further investigations revealed that 364 valid complaints were made against the agency.

From 2 January, businesses operating in Singapore have been generally prohibited from sending marketing messages to individuals whose telephone numbers are included on the DNC registry. Businesses are required to consult the DNC before sending such messages and face fines if they send messages to those who have asked not to be contacted. Only if a business has received the "clear and unambiguous consent" of individuals listed on the DNC to the sending of marketing messages is that activity legitimate.

Any person or organisation found guilty of sending telemarketing messages to Singapore telephone numbers without checking the DNC face fines of up to SGD 10,000 ($8,000) per message sent.

Privacy law expert Bryan Tan of Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons, the law firm behind Out-Law.com, said: “The case re-affirms that the regulators take a serious approach to enforcement and that no further sunrise periods will be granted. It also illustrates that company officers responsible for an organisation’s breach are personally liable for offences under the PDPA.”

The PDPA was passed by Singapore's parliament in October 2012 and governs the way that companies collect, use, disclose and process personal data. It does not apply to public bodies. The Personal Data Protection Commission announced earlier this year that an unspecified number of organisations operating across several sectors in Singapore were subject to enforcement action after failing to adhere to the new rules governing marketing communications.