Skip to main content

Advertisement

Advertisement

PDPC guidelines on removing data that can identify people to be revised

SINGAPORE — The Personal Data Protection Commission (PDPC) is revising the anonymisation chapter of its advisory guidelines to provide clarity on the definition of anonymised data and the responsibilities of organisations in using such data, said its deputy commissioner, Mr Yeong Zee Kin, yesterday.

SINGAPORE — The Personal Data Protection Commission (PDPC) is revising the anonymisation chapter of its advisory guidelines to provide clarity on the definition of anonymised data and the responsibilities of organisations in using such data, said its deputy commissioner, Mr Yeong Zee Kin, yesterday.

Speaking at the annual Data Privacy Asia conference, he noted that with advances in technology having impacted the way organisations function, anonymisation can allow better use of data to improve operations.

Anonymisation refers to the process of stripping out information in data sets that can identify a person.

The move will allow the wider use of data, such as for analysing trends and gathering insights to help improve products and services, while reducing the risk of unintended disclosure.

The PDPC is consulting the industry on the proposed revisions and will publish details in the coming months.

“(Some) data is just sitting in our storage and services and not being used, that’s not benefiting businesses that much. If it’s not benefitting businesses, they can’t make use of the data to fine-tune and improve services, (and utilise the) ability to reach out to customers,” Mr Yeong said at one of the conference sessions.

Without offering specific details, he said the revision would provide clarity on what the PDPC considers anonymised data, highlight key considerations that organisations should take into account when deciding whether to anonymise data, and clarify the responsibilities of organisations in using such data.

Mr Yeong said the guidelines are not intended to provide a technical definition of anonymised data, nor meant to prescribe measures or standards for risk assessment.

“In past discussions about anonymisation, the first thing that was talked about was what kind of technology to use, which algorithm to use to embed the data, and we get stuck in that conversation focusing mainly on technology.

“What we hope to do with the guidelines is to ... include other safeguards to prevent abuse, we want to encourage a risk-based approach to this,” he added.

The revision of the anonymisation chapter is part of the commission’s effort to keep its advisory guidelines on the Personal Data Protection Act — which aims to safeguard individuals’ personal data from misuse — updated and relevant to the changing climate.

The guidelines were issued in September 2013, and its chapter on closed-circuit television cameras was revised in June this year.

“A lot of our guidelines are not old but we’ve pushed out some revisions already and anonymisation is one of (those). It is a developing area, so we need to make sure that it’s up to date as our thinking in this area evolves, the technology in this area evolves, and as the conversation in other parts of the world about anonymisation evolves,” Mr Yeong said.

Data privacy and protection have been at the forefront of discussions as more organisations adopt technology in their operations.

“As businesses start to embrace cloud and mobile technology, a lot of data consumed and used is stored outside the realm of enterprises and because of that, a lot of that is exposed. And with exposure comes the responsibility for firms to protect that (data),” said Ovum principal analyst Clement Teo, who moderated the session in which Mr Yeong spoke.

Read more of the latest in

Advertisement

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.