In the wake of Singapore’s historic data breach, minister for communications and information, Mr S Iswaran, made an open call for organisations to participate in a pilot for Singapore’s data protection trustmark (DPTM) certification scheme, due to launch end-2018.
To date, eight organisations are participating in the pilot, which aims to improve upon the framework before it is finalised later this year.
In a joint effort by the infocomm media development authority (IMDA) and personal data protection commission (PDPC), the scheme sets out to inculcate sound, transparent and accountable data protection practices among Singapore-based organisations.
Any Singapore-based organisation interested in signing up to the pilot can do so by 30 September.
"Businesses that can win their customers’ trust will be better able to thrive in today’s data-driven Digital Economy,” said Tan Kiat How, CEO of IMDA and commissioner of the PDPC.
In a survey conducted by the PDPC, four out of five of those surveyed agreed that organisations that collect, use and disclose personal data ought to have strong data protection policies and practices.
Furthermore, two-thirds of respondents favoured an organisation that demonstrates a sound data protection regime.
“Through Singapore’s Data Protection Trustmark, organisations can now visibly communicate the soundness of their data protection policies and practices to their customers and stakeholders,” added Tan.
According to the same PDPC survey, organisations saw data protection as an important criterion when selecting a vendor to manage personal data on their behalf, with 80 per cent seeing certification as a significant contributor to brand image for an organisation.
“We are heartened to have a number of companies actively participating in the pilot programme and encourage the rest to come on board in the coming months," said Tan.
The certification lasts for a period of three years, and for those organisations that receive certification under the scheme, a DPTM logo can be displayed in their business communications for the duration of that period.
Having such a scheme in place aims to provide the consumer with confidence that their data is secured in accordance with data protection best practice.
The eight organisation participating in the pilot include Carpe Diem @ ITE; Chan Brothers Travel; DBS Bank; Fullerton Healthcare Group; Fullerton Systems and Services; RedMart; Singtel; and Tan Tock Seng Hospital Community Fund.
To help marshal the certification scheme will be three independent assessment bodies, appointed by IMDA, who include ISOCert, Setsco Services and TUV SUD PSB.
These assessment bodies will identify whether an organisation is in compliance with the certification and also help in identifying gaps that organisations should address.
All Singapore-based organisations are eligible to participate in the scheme but must apply first through IMDA and pay a $1,400 assessment fee to the assessment body, which is the organisation can choose.
Once approved by the IMDA, the certification will be awarded to the organisation.
Furthermore, while the DPTM is a Singapore trustmark, it also includes relevant international data protection principles such as the OECD guidelines on the protection of privacy and trans-border flows of personal data; and the APEC privacy framework, enabling a more seamless experience for organisations to such certifications in the future.