The sanctions made by the Personal Data Protection Commission (PDPC) have provided teeth to the Personal Data Protection Act, which took full effect in July 2014 ("Notable names among firms rapped for lapses in data security"; last Friday).
This is a crucial development in Singapore for three reasons.
First, Budget 2016 laid the foundation for the Industry Transformation Programme, which centres on technology adoption and innovation.
Data protection in a technological ecosystem, such as the one envisioned, is essential for not only personal, but also infrastructural, security.
This is especially so for the National Trade Platform, where data is shared among businesses and the Government.
Second, in line with the evolving commercial climate, businesses have a heightened focus on the leveraging of Big Data and the Internet of Things, with e-commerce business models being one of the most prevalent.
The sale and purchase of goods over the Internet involve the exchange of personal data, as well as other sensitive information, such as credit card details.
The importance of data protection should, therefore, never be an afterthought.
Third, the prevalence and reliance on sensitive personal data in almost every major industry in Singapore is unmistakable.
The PDPC has shown a real and current commitment to data privacy, with the flexing of its regulatory muscles.
There is a need for an awareness of both the obligations under the Act and the consequent implications for failing to protect personal data.
Such consciousness on the part of all stakeholders is key to ensuring confidence, certainty and commitment to data privacy by businesses and individuals alike.
Therefore, the decisiveness of the PDPC should be hailed as a promising milestone in the regulatory future in this space.
Bruno Poh Teck Boon