Pilot for data protection certification scheme launched

The Data Protection Trustmark certification was announced in 2017, as part of several initiatives to ensure that the data protection ecosystem in Singapore stays up to date.
The Data Protection Trustmark certification was announced in 2017, as part of several initiatives to ensure that the data protection ecosystem in Singapore stays up to date.ST PHOTO: KUA CHEE SIONG

SINGAPORE - An open call for companies to join a pilot for data protection certification was launched on Wednesday (July 25) by the Infocomm Media Development Authority (IMDA) and Personal Data Protection Commission (PDPC).

The Data Protection Trustmark (DPTM) certification was announced in 2017, as part of several initiatives to ensure that the data protection ecosystem in Singapore stays up to date.

The certification will be officially rolled out by the end of 2018, after IMDA and PDPC finalise its process and framework following the pilot programme.

Entities certified under the DPTM scheme will be able to use and display a DPTM logo in their business communications during the three-year validity of the certificate. They will first have to apply to IMDA for the certification, after which they can select one of three independent bodies to conduct an assessment.

The assessment bodies are ISOCert, Setsco Services and TUV SUD PSB. Assessment fees, which will be paid to these bodies, start from $1,400.

In a joint statement, IMDA and PDPC said the DPTM would give entities a competitive advantage as it would allow consumers to identify organisations that have in place independently assessed data protection policies and practices.

The DPTM, which applies only to organisations based in Singapore, also incorporates relevant international data protection principles such as the Asia-Pacific Economic Cooperation (Apec) Privacy Framework. 

This will allow organisations with the DPTM certification to more seamlessly attain international certification and gives them another mechanism to legitimately transfer data across borders to other certified organisations in participating Asia-Pacific economies, said IMDA and PDPC.

Speaking at the 6th Personal Data Protection Seminar on Wednesday at the Raffles City Convention Centre, Minister for Communications and Information S. Iswaran said that when it comes to data protection, Singapore cannot rely on laws such as the Personal Data Protection Act alone.

Organisations, he added, must develop a culture of accountability to build consumer trust.

 

Said Mr Iswaran, who is also Minister-in-charge of Cyber Security: "While the Government will do its part to facilitate innovative and accountable data use, we strongly encourage organisations to put in place measures to do the same."

Eight companies are already undergoing the pilot programme, including Singtel, DBS Bank, RedMart and Fullerton Healthcare Group.

Commenting on  last week's SingHealth data breach, which was Singapore's worst cyber attack, Mr Iswaran reiterated in his speech on Wednesday that the PDPC will take into account the Committee of Inquiry's report in its assessment of any appropriate action to be taken.

He also said Singapore will not stop with its Smart Nation efforts.

"We have started our Smart Nation journey, and we will continue to move forward to seize opportunities afforded by technology even as we strengthen our systems, so as to build and sustain trust that we have painstakingly built up over the years," he said.

Organisations that want to participate in the pilot can sign up by Sept 30.