Personal Data Protection Act 2012
Table of Contents
Long Title
Part 1 PRELIMINARY
1 Short title
2 Interpretation
3 Purpose
4 Application of Act
Part 2 PERSONAL DATA PROTECTION COMMISSION AND ADMINISTRATION
5 Personal Data Protection Commission
6 Functions of Commission
7 Advisory committees
8 Delegation
9 Conduct of proceedings
10 Cooperation agreements
Part 3 GENERAL RULES WITH RESPECT TO PROTECTION OF AND ACCOUNTABILITY FOR PERSONAL DATA
11 Compliance with Act
12 Policies and practices
Part 4 COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
Division 1 Consent
13 Consent required
14 Provision of consent
15 Deemed consent
15A Deemed consent by notification
16 Withdrawal of consent
17 Collection, use and disclosure without consent
Division 2 Purpose
18 Limitation of purpose and extent
19 Personal data collected before 2 July 2014
20 Notification of purpose
Part 5 ACCESS TO AND CORRECTION OF PERSONAL DATA
21 Access to personal data
22 Correction of personal data
22A Preservation of copies of personal data
Part 6 CARE OF PERSONAL DATA
23 Accuracy of personal data
24 Protection of personal data
25 Retention of personal data
26 Transfer of personal data outside Singapore
Part 6A NOTIFICATION OF DATA BREACHES
26A Interpretation of this Part
26B Notifiable data breaches
26C Duty to conduct assessment of data breach
26D Duty to notify occurrence of notifiable data breach
26E Obligations of data intermediary of public agency
Part 7
27 (Repealed)
28 (Repealed)
29 (Repealed)
30 (Repealed)
31 (Repealed)
32 (Repealed)
Part 8
33 (Repealed)
34 (Repealed)
35 (Repealed)
Part 9 DO NOT CALL REGISTRY
Division 1 Preliminary
36 Interpretation of this Part
37 Meaning of "specified message"
38 Application of this Part
Division 2 Administration
39 Register
40 Applications
41 Evidence
42 Information on terminated Singapore telephone number
Division 3 Specified message to Singapore telephone number
43 Duty to check register
43A Duty of checkers
44 Contact information
45 Calling line identity not to be concealed
46 Consent
47 Withdrawal of consent
48 Defence for employee
Part 9A DICTIONARY ATTACKS AND ADDRESS‑HARVESTING SOFTWARE
48A Interpretation of this Part
48B Prohibition on use of dictionary attacks and address‑harvesting software
Part 9B OFFENCES AFFECTING PERSONAL DATA AND ANONYMISED INFORMATION
48C Interpretation and application of this Part
48D Unauthorised disclosure of personal data
48E Improper use of personal data
48F Unauthorised re‑identification of anonymised information
Part 9C ENFORCEMENT
48G Alternative dispute resolution
48H Power to review
48I Directions for non‑compliance
48J Financial penalties
48K Procedure for giving of directions and imposing of financial penalty
48L Voluntary undertakings
48M Enforcement of directions of or written notices by Commission in District Court
48N Reconsideration of directions or decisions
48O Right of private action
Part 9D APPEALS
48P Data Protection Appeal Panel and Data Protection Appeal Committees
48Q Appeal from direction or decision of Commission
48R Appeals to General Division of High Court, etc.
Part 10 GENERAL
49 Advisory guidelines
50 Powers of investigation
51 Offences and penalties
52 Offences by corporations
52A Offences by unincorporated associations or partnerships
53 Liability of employers for acts of employees
54 Jurisdiction of court
55 Composition of offences
56 General penalties
57 Public servants and public officers
58 Evidence in proceedings
59 Preservation of secrecy
60 Protection from personal liability
61 Symbol of Commission
62 Power to exempt
63 Certificate as to national interest
64 Amendment of Schedules
65 Power to make regulations
66 Rules of Court
67 Saving and transitional provisions
68 Dissolution
Legislative History
Abbreviations