Singapore data protection regulator to charge agency for breach of Do Not Call registry requirements

Out-Law News | 04 Jun 2014 | 10:03 am | 3 min. read

Singapore's Personal Data Protection Commission (PDPC) is to charge a tuition agency for allegedly breaching the requirements of Singapore's Do Not Call (DNC) registry and has launched investigations into a number of other organisations on similar grounds, it has announced.

Star Zest Home Tuition and its director face up to 37 counts of contravening section Singapore's Personal Data Protection Act (PDP Act) which relates to the obligation to check the DNC registry before sending telemarketing messages to Singapore telephone numbers, said the PDPC. According to the news website asiaone.com they will be charged in court on 4 June.

The move comes after the PDPC received a number of complaints relating to unsolicited telemarketing messages allegedly sent by the agency to Singapore telephone numbers which were registered with the DNC registry. According to the PDPC, the unsolicited messages offered the teaching services of various tutors signed up with the tuition agency.

Any person or organisation found guilty of the offence of sending telemarketing messages to Singapore telephone numbers without checking the registry will be liable to a fine of up to $7,700 per message sent, said the PDPC.

The DNC registry is designed to ensure consumers can opt out of receiving marketing messages by phone , mobile or fax..

The registry was established as part of the PDP Act which sets out rules governing the collection, use, disclosure and care of personal data. Although the registry came into effect in January this year, the PDP Act will not come fully into effect until 2 July. The legislation aims to safeguard individuals' personal data against misuse and promote proper management of personal data in organisations.

PDPC chairman Leong Keng Thai said: "The PDPC is serious about compliance with the DNC requirements in the PDP Act. We thank the members of the public who have cooperated with us in our investigations and are encouraged by individuals who have stepped forward to do so."

"We will continue to monitor compliance with the requirements in the PDP Act, including those relating to data protection, once the Act is fully in force on 2 July," said Leong.

The PDPC said that it has made investigations in response to 3,700 "valid complaints" from members of the public against 630 organisations since the DNC provisions came into effect in January. Insurance, property and tuition organisations are among those which have been investigated. The PDPC said that it had received a number of complaints relating to suspected unlicensed money-lending activities and that these have been referred to the police.

Two organisations paid out compensation amounts ranging from $400 to $800 in lieu of prosecution. 

Approximately 380 other organisations about which the PDPC has received "a small number of isolated complaints" have been issued notices warning them of the consequences of sending any further unsolicited telemarketing messages.

Bryan Tan of Pinsent Masons MPillay, the Singapore joint law venture partner of Pinsent Masons, the law firm behind Out-Law.com, said: "The plethora of enforcement actions taken indicates that the Commission is actively handling complaints, but it also not undertaking the exercise with a blunt tool.”

The PDPC said: "In considering the appropriate enforcement action to be taken in each case, the PDPC takes into account various factors including the seriousness of the breach, whether the sending of unsolicited telemarketing messages were isolated incidences, the number of complaints against the organisation and whether the organisation had been cooperative after being informed by the Commission to stop sending such unsolicited telemarketing messages."

The announcement of the forthcoming prosecutions in relation to the DNC registry follow the recent publication of Singapore's proposed data protection guidelines for its education, social services and health care sectors. Proposed advisory guidelines on photography have also been published. The proposals have been put out to a period of public consultation which is due to end on 6 June.

The guidelines cover issues such as obligations which organisations are required to comply with if they undertake the collection, use or disclosure of personal data.

The proposed guidelines relating to healthcare outline obligations surrounding issues such as securing consent to collect personal details from patients, transferring of personal data between organisations in the case of a referral and collecting, using or disclosing personal data for purposes unrelated to a patient's visit or medical care.

Tan said: “The guidelines for application in specific sectors serve as useful markers for specific industries who are likely to require more assistance than most. The air of anticipation for the legislation is rising and we expect further guidelines to be issued in the run-up to the 2 July deadline.”