Asian countries continue to focus on developing their data protection legislation.
The Philippines Congress recently finished its second reading of House Bill 1554 which will introduce a unified and special law relating to data protection and privacy. Singapore, which already has some sectoral laws and a voluntary data protection model code, is now calling for the introduction of formal data protection legislation for parliamentary debate in early 2012.
The Philippines draft bill seeks to establish fair practices and regulate the collection, use and protection of individuals’ private information as well as to promote the development of its business process outsourcing industry. Under the Filipino bill, businesses and government agencies would have to obtain an individual’s unambiguous consent to collect and use their personal data. The bill also sets out data breach notification requirements to the regulator and to affected individuals when there is a real risk of serious harm, including breaches that may enable identity fraud. The proposed bill defines personal information quite broadly as “any data that can be used alone or in conjunction with other data to identify an individual”, and provides additional protections for sensitive personal information. Under the bill, a national Privacy Commission would be created that has the power to implement and enforce data protection legislation, including the authority to impose civil fines for certain violations and to refer suspected intentional violations to the Philippines Government’s Justice Department for investigation and potential imposition of criminal penalties of up to three years imprisonment.
In Singapore the Information, Communication and Arts Minister indicated that the country’s review to assess the need for a data protection system has been completed and that comprehensive data protection legislation will be introduced in early 2012.The Singaporean government has concluded that it would be in Singapore’s interests to protect individuals’ personal data against unauthorised use and disclosure. The objective of the proposed law is to curb excessive and unnecessary collection of individuals’ personal data, and for businesses and government to obtain individual consent before their personal information is disclosed. In addition the proposed legislation will create a Data Protection Council to oversee the implementation and enforcement of data protection legislation. It is not clear whether there will be a compulsory data breach notification element to any proposed Singapore legislation.
Both the Philippines and Singapore are members of the Asia-Pacific Economic Cooperation Forum (APEC), which issued a privacy framework for its 21 members. Both the Philippines draft house bill and the proposed Singaporean legislation are consistent with the APEC privacy framework principles.
As the number of Asian countries enacting data protection legislation increases, organisations must ensure they are ready to meet the requirements. This is particularly important for outsourcing suppliers as both countries view data protection legislation as a way of increasing commerce.
Reed Smith LLP is licensed to operate as a foreign law practice in Singapore under the name and style, Reed Smith Pte Ltd (hereafter collectively, “Reed Smith”). Where advice on Singapore law is required, we will refer the matter to and work with Reed Smith’s Formal Law Alliance partner in Singapore, Resource Law LLC, where necessary.