Personal Data refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.” – Personal Data Protection Committee Singapore
Singapore is protected under the Personal Data Protection Act 2012 (PDPA). The act ensures the protection of an individual’s personal data including rights of access and correction, collection of information, and reasonable purposes to use or disclose personal data.
However, there are some exemptions on this act. According to Section 4 (1) (c) of the PDPA, Data Protection cannot be imposed on any public agency. This includes education institutions that are government-aided, specialised independent schools, specialised schools, independent schools, and autonomous universities. Henry Park Primary School is within this description that is why PDPA cannot be fully enforced on the recent incident of data leakage under their organisation.
Two weeks ago, personal data of more than 1,900 pupils from Henry Park Primary School leaked. In a report from The Strait Times, a Microsoft Excel files containing the pupils’ names, birth certificate numbers, parent’s phone numbers and email addresses were mistakenly sent to some 1,200 parents. They mistakenly sent the file as part of their update on their school event.
Henry Park Primary School apologised for the incident and requested parents to delete the data. But, still some parents were concerned about the information breach. They are concerned that the information might be used without their permission.
Ministry of Education, on the other hand, said that there is an internal rule requiring school organisations to protect and encrypt sensitive information such as personal data not to be disclosed to unauthorised agencies / parties. This was not the first incident regarding data leakage; other private companies also experienced it. Last September, karaoke chain K Box had their members’ details exposed.
As a private institution under the Personal Data Protection Act 2012 (PDPA), ACP adheres to treat your personal information with utmost care in safeguarding it with the highest level of integrity. We make sure that your personal data can only be accessed by your appointed personnel. We protect online systems through password and implement access control matrix based on the assigned role.