Personal data refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.This includes unique identifiers (e.g. NRIC number, passport number); photographs or video images of an individual (e.g. CCTV images); as well as any set of data (e.g. name, age, address, telephone number, occupation, etc), which when taken together would be able to identify the individual. For example, Jack Lim, 36 years old, civil servant, lives at Blk 123 Bishan St 23.
A business-to-business (B2B) marketing call, SMS/MMS or fax message (B2B marketing message) refers to a marketing message which is sent to an organisation, for any purpose of the receiving organisation. A marketing message sent to an individual acting in a personal or domestic capacity would not be considered a B2B marketing message, even if the message purports to be for a purpose of an organisation.
B2B marketing messages are not within the scope of the DNC Registry. The PDPC recognises that B2B marketing calls or messages may be essential to the day-to-day operations between businesses and note that most consumers will not be affected by B2B marketing messages that are sent to organisations.
Organisations may also register their business telephone numbers with the DNC Registry. To be clear, B2B marketing messages may still be sent to these registered business numbers if they are for a purpose of the organisation. An individual whose telephone or fax number is used as both a personal and business number may therefore still receive B2B marketing messages that are sent to his telephone or fax number as a business phone number.
While an organisation may not obtain consent for the collection, use or disclosure of personal data that is publicly available, it may still have to comply with all other obligations under the PDPA.
In particular, the PDPA provides that an organisation may collect, use or disclose personal data about an individual only for purposes that a reasonable person would consider appropriate in the circumstances. In this regard, the circumstances would need to be taken into account in determining whether the purpose is appropriate.
Given that publicly available personal data is already made available to the public, the PDPC recognises that for the purposes of the PDPA, it would not be practical nor useful to unduly limit the purposes for which such data can be collected, used or disclosed, unless it is for clearly unreasonable purposes, for example, the purpose is in violation of a law or would be harmful to the individual concerned. In any case, organisations should note that their collection, use or disclosure of personal data from publicly available sources may be bound by terms and conditions imposed and enforceable by the data source.
© 2017 Government of Singapore.
Best supported by IE 9 and above, Firefox and Chrome.