SINGAPORE: Eight organisations from the financial, health and lifestyle sectors will participate in a pilot programme which helps consumers identify businesses that have good data protection practices.
During the Data Protection Trustmark (DPTM) certification scheme pilot, the organisations - which include, Singtel, DBS Bank, Fullerton Healthcare group and Redmart - will have their data protection practices independently assessed. If they meet the mark, they can use and display the Trustmark logo.
AdvertisementThese pilot organisations will help fine-tune the certification controls and processes, and the pilot itself will help finalise the DPTM scheme framework and certification process before it is launched at the end of this year.
The DPTM scheme, first announced last July, will help companies gain consumers’ trust and confidence, the Infocomm Media Development Authority (IMDA) and Personal Data Protection Commission (PDPC) said in a joint statement on Wednesday (Jul 25).
“The greater the consumer trust, the more confidence consumers and the general public have in sharing their personal data with organisations, and the more data innovations organisations can deploy,” Communications and Information Minister S Iswaran said at the pilot launch on Wednesday.
A survey conducted in 2016 showed that four out of five respondents agreed that the introduction of a certification scheme would improve consumer confidence, particularly if the certification is linked to a Government body.
AdvertisementAdvertisement“In other words, good data protection policies and practices are a competitive advantage in the business world,” Mr Iswaran added.
The DPTM also incorporates relevant international data protection principles such as the APEC Privacy Framework, which would allow organisations with the Trustmark to more seamlessly attain these international certifications.
This gives them another mechanism to legitimately transfer data across borders to other certified organisations in participating Asia-Pacific economies.
DBS senior vice president of financial crime and security services Eric Chung said the DPTM scheme "reinforces our commitment to our customers that your money and personal data is safe with us, so we hope that it can give us a competitive advantage".
DBS is also "quite confident" it can obtain the Trustmark, Mr Chung said, pointing to the already highly-regulated nature of the finance industry.
Nevertheless, he added that the bank will look at how it can protect customers' data better in relatively new areas like machine and artificial intelligence.
While DBS has traditionally informed customers about data accountability through privacy policies, personal notifications and daily interactions, Mr Chung noted that the scheme will make this accountability more visible.
"Ultimately having a seal is not enough," he said. "It's really our day-to-day operations, how we show in our practices and our interaction with customers that we do value their personal data and use it responsibly."
IMDA has appointed three independent assessment bodies for the scheme: ISOCert, Setsco Services and TUV SUD PSB.
This comes after PDPC in March invited accredited companies providing audit and certification of management systems to participate as assessment bodies.
These bodies will assess if applicants’ data protection practices are aligned with DPTM certification requirements and identify gaps that need to be addressed.
HOW TO APPLY
The DPTM scheme is only available to organisations based in Singapore. Those interested must first apply to IMDA. They then select one of the three assessment bodies who will conduct an audit and submit its report to the regulator.
If satisfied, IMDA will issue the certification. Certified organisations will be able to use and display a DPTM logo in their business communications for the duration of the certification, which is three years.
“The DP Trustmark is a visible badge of recognition for accountable and responsible data protection practices used by organisations, including appropriate data protection policies and practices, adequate measures to identify and address data protection risks, and a sound data management plan,” Mr Iswaran said.
Organisations that want to participate in the pilot can sign up by Sep 30.
Let's block ads! (Why?)
More...