• Skip to main content
  • Skip to footer
  • About
    • Board of Directors
    • Advisory Board
    • Code of Ethics
    • Privacy Commitment
    • Fellowship Awards
    • Media
  • Get Involved
    • Membership
      • Advancing the Profession
      • Member Benefits
      • Why Join the PACC
      • Member Contact Update
    • Speak Out
    • Volunteer
    • Donate
      • Donor Bill of Rights
  • Certification
    • Apply for Certification
    • Recertification
    • Why Pursue Certification?
    • Certificate or Certification?
    • Accreditation
  • Resources
    • Strategic Privacy and Access Resource Center
      • Parents & Teachers
      • Standards
      • SPARC Contribution Guidelines
    • International Data Flows
    • Commissioners
    • Careers
    • Publications
    • Training & Education
  • Data Privacy Day
  • News & Views
    • Guest Post Guidelines
  • Contact
    • Speaking Invitations & Media Requests
    • Stay Informed & Avoid Spam
    • Partner
  • Login

The Privacy and Access Council of Canada

The voice for privacy and access

Privacy in the COVID-19 era

16/May/2020

The vast amounts of personal information now collected, used, and transferred to third party organizations for a variety of reasons is a trend that will surely grow as we move towards automation and digitalization. Data is also a vital component to ensure public health.

With the growing importance of data comes increased concern from individuals about how, when, why, and by whom their personal data is being collected, used, disposed of, and stored. In Singapore, that concern is addressed by the Personal Data Protection Act (PDPA) and a data protection regime to govern the collection, use, disposal and storage of personal data.

Singaporean public agencies are not governed by the PDPA because there are fundamental differences in how the public sector operates compared to the private sector. The public sector agencies have to comply with Government Instruction Manuals and the Public Sector (Governance) Act(PSGA) which collectively provide comparable, if not higher, standards of data protection compared to the PDPA. Investigations and enforcement actions for data security breaches are similar under both the PDPA and the PSGA.

After the World Health Organization (WHO) declared the outbreak of COVID‑19 a pandemic, various governments — including the Singapore government — took decisive actions to curb the spread of COVID-19. Since many of those actions involve the collection and use of personal information, thePersonal Data Protection Commission (PDPC) issued two advisories with regards to collecting Personal Data for COVID-19, and contact tracing and the use of Safe Entry

Collection of Personal Data for COVID-19 

Singaporean organizations may collect personal data of visitors to their premises for the purposes of contact tracing and other response measures in the event of an emergency, such as during the outbreak of the novel coronavirus (COVID-19). Here, it is important to note that the personal data can be collected, used, disposed of, and stored for the purposes of contact tracing, and to respond to an emergency that threatens the life, health, or safety of other individuals. The intent of in that context is to prevent harm and ensure the safety of the population at large, regardless if it causes an invasion of privacy.

The PDPC has developed a notice to inform that building owners are advised to post at prominent locations, so as to notify all concerned that personal data will be collected, used, disposed of, and stored during the pandemic for the purposes of preventing harm and contact tracing.

To ensure that contact tracing can be conducted meaningfully and effectively, it is essential that information be complete and accurate. Accordingly, details are gathered from National Identity Cards, Foreign Identification Cards, or even passports (something that was prohibited before COVID‑19).

Contact Tracing and Use of Safe Entry 

The Singapore Government has also encouraged premise owners and venue operators to use digital apps or systems such as Safe Entry for contact tracing. The intent here is to ensure that the personal data collected should not be used or disclosed for any other purposes except for contact tracing purposes. If the collected data is to be used for other purposes, then consent must be obtained, or the practice must be authorized by law.

Organizations must adequately protect the data that is being collected, and expunge it when it is no longer needed for the purposes related to contact tracing. The organizations should and must not keep such data if it is no longer needed.

When using digital apps or systems, organizations are encouraged to use their own devices and also register with the relevant Public Agencies, which have spelled out guidelines and measures that organizations must adhere to when using digital apps or systems. Cautionary guidelines and expectations to ensure the safe and proper collection of personal data are highlighted by the PDPC at www.pdpc.gov/sg/Help-and-Resources.

While the laws may differ between the countries, the common goal is to protect society at large during the pandemic, and protect the affected personnel without compromising their safety or privacy. A goal of many governments — earning and warranting the public’s trust — relies on informing people of the need to collect, use, dispose of, and store the personal data.

Corporations have a similar goal, and their Data Protection Officers provide essential services of ensuring proper and adequate training about the collection, use, storage, and disposal of personal information. Equipping data protection personnel with the right tools so that they can do their jobs efficiently and effectively — and ensuring proper measures, policies and systems are in place to mitigate breaches and resulting harms —  is vital to achieve corporate objectives and enable organizations to comply with the Personal Data Protection Act 2012.

Filed Under: Big Data, Government, Legislation, Privacy

Footer

PACC is the voice for privacy and access.

PACC is Independent  •  Non-profit  •  Non-partisan  •  Non-government

PACC is dedicated to the development and promotion of the access-to-information, information privacy, and data governance profession across the private, non-profit and public sectors.

PACC is the certifying body for access and privacy professionals, and engages in outreach efforts to advance awareness about access, privacy, and data protection.

Recent Posts

  • Guidelines 01/2021 on Examples regarding Data Breach Notification
  • Facial Recognition Cameras Here to Stay as Country’s Court System Entrenches Video Surveillance
  • IPC consultation on five-year strategic priorities under way
  • Info watchdog raps Privy Council Office for terminating access requests from public
  • A year to forget that’s worth remembering

© 2021 · Privacy and Access Council of Canada · Maintained by SLIcore Design.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.OkNoPrivacy policy