Personal Data Protection Act 2012

Select the provisions you wish to print using the checkboxes and then click the relevant "Print"

4 Application of Act

5 Personal Data Protection Commission

6 Functions of Commission

7 Advisory committees

9 Conduct of proceedings

10 Cooperation agreements

11 Compliance with Act

12 Policies and practices

14 Provision of consent

15A Deemed consent by notification

16 Withdrawal of consent

17 Collection, use and disclosure without consent

18 Limitation of purpose and extent

19 Personal data collected before 2 July 2014

20 Notification of purpose

21 Access to personal data

22 Correction of personal data

22A Preservation of copies of personal data

23 Accuracy of personal data

24 Protection of personal data

25 Retention of personal data

26 Transfer of personal data outside Singapore

26A Interpretation of this Part

26B Notifiable data breaches

26C Duty to conduct assessment of data breach

26D Duty to notify occurrence of notifiable data breach

26E Obligations of data intermediary of public agency

36 Interpretation of this Part

37 Meaning of "specified message"

38 Application of this Part

42 Information on terminated Singapore telephone number

43 Duty to check register

43A Duty of checkers

44 Contact information

45 Calling line identity not to be concealed

47 Withdrawal of consent

48 Defence for employee

48A Interpretation of this Part

48B Prohibition on use of dictionary attacks and address‑harvesting software

48C Interpretation and application of this Part

48D Unauthorised disclosure of personal data

48E Improper use of personal data

48F Unauthorised re‑identification of anonymised information

48G Alternative dispute resolution

48I Directions for non‑compliance

48J Financial penalties

48K Procedure for giving of directions and imposing of financial penalty

48L Voluntary undertakings

48M Enforcement of directions of or written notices by Commission in District Court

48N Reconsideration of directions or decisions

48O Right of private action

48P Data Protection Appeal Panel and Data Protection Appeal Committees

48Q Appeal from direction or decision of Commission

48R Appeals to General Division of High Court, etc.

49 Advisory guidelines

50 Powers of investigation

51 Offences and penalties

52 Offences by corporations

52A Offences by unincorporated associations or partnerships

53 Liability of employers for acts of employees

54 Jurisdiction of court

55 Composition of offences

56 General penalties

57 Public servants and public officers

58 Evidence in proceedings

59 Preservation of secrecy

60 Protection from personal liability

61 Symbol of Commission

63 Certificate as to national interest

64 Amendment of Schedules

65 Power to make regulations

67 Saving and transitional provisions

Protection of personal data

24. An organisation must protect personal data in its possession or under its control by making reasonable security arrangements to prevent —

(a)	unauthorised access, collection, use, disclosure, copying, modification or disposal, or similar risks; and
(b)	the loss of any storage medium or device on which personal data is stored. [40/2020]

Search within Legislation