Measures to Protect Personal Data of Facebook Users in Singapore
Ministry of Digital Development and InformationSpeakers
Summary
This question concerns the measures to protect Singaporean Facebook users' personal data following United States security breaches, as raised by Mr Lim Biow Chuan. Minister S Iswaran explained that organizations must comply with the Personal Data Protection Act 2012, which mandates reasonable security arrangements and informed consent for data usage. The Personal Data Protection Commission monitors breaches and coordinates with international counterparts, having specifically requested details from Facebook regarding its 2018 vulnerability to ensure local users were notified. The Commission is monitoring global investigations to determine if further enforcement action is required while ensuring Facebook implements measures to prevent a recurrence of such vulnerabilities. Finally, the Minister emphasized individual responsibility, advising users to utilize platform privacy settings and remain cautious about the personal information they share online.
Transcript
35 Mr Lim Biow Chuan asked the Minister for Communications and Information in view of the security breach in personal data of Facebook users in USA, whether there are any measures to protect the personal data of Facebook users in Singapore.
The Minister for Communications and Information and Information and Minister-in-charge of Trade Relations (Mr S Iswaran): Mr Speaker, organisations that collect, use and disclose personal data in Singapore, including Facebook, are required to comply with the Personal Data Protection Act 2012, or PDPA. Among other things, the PDPA requires organisations to notify individuals of the purposes for which they are collecting, using or disclosing personal data, to obtain consent where required, and to make reasonable security arrangements to protect the personal data under their possession or control.
The Personal Data Protection Commission, or PDPC, monitors data breach incidents closely and will take appropriate enforcement actions if it assesses that the PDPA has been breached. In doing so, PDPC works with its regulatory counterparts in other jurisdictions to share information on incidents, and with the relevant organisations to inform and help affected individuals.
With respect to Facebook’s security breach in September 2018, Facebook reported that a feature allowing Facebook users to see what their own profiles looked like to others had a vulnerability which enabled attackers to view Facebook users’ accounts without permission. Upon learning of the security vulnerability, PDPC immediately contacted Facebook to request for additional details, such as whether Singapore users were affected and the measures Facebook was taking to prevent a recurrence of such vulnerabilities. PDPC ensured that Facebook alerted affected users and advised them of the steps they could take to protect themselves. PDPC is also closely monitoring that matter, including the investigation in the US and other related developments and will assess whether further action is necessary.
Meanwhile, I also want to take this opportunity to stress that all of us have a role to play in protecting our personal data. Users of Facebook and other social media platforms should make full use of these platforms’ security features to protect their personal data, such as selecting their preferred option in the privacy settings of social media platforms. Users should also be careful about the personal data that they share online, so as to minimise the impact should a data breach occur.