Division 1 - Consent
13. - Consent required14. - Provision of consent15. - Deemed consent16. - Withdrawal of consent17. - Collection, use and disclosure without consentDivision 2 - Purpose
18. - Limitation of purpose and extent19. - Personal data collected before appointed day20. - Notification of purposeDivision 1 - Preliminary
36. - Interpretation of this Part37. - Meaning of “specified message”38. - Application of this PartDivision 2 - Administration
39. - Register40. - Applications41. - Evidence42. - Information on terminated Singapore telephone numberDivision 3 - Specified message to Singapore telephone number
43. - Duty to check register44. - Contact information45. - Calling line identity not to be concealed46. - Consent47. - Withdrawal of consent48. - Defence for employee49. - Advisory guidelines50. - Powers of investigation51. - Offences and penalties52. - Offences by bodies corporate, etc.53. - Liability of employers for acts of employees54. - Jurisdiction of court55. - Composition of offences56. - General penalties57. - Public servants and public officers58. - Evidence in proceedings59. - Preservation of secrecy60. - Protection from personal liability61. - Symbol of Commission62. - Power to exempt63. - Certificate as to national interest64. - Amendment of Schedules65. - Power to make regulations66. - Rules of Court67. - Saving and transitional provisions68. - Dissolution
1. - An organisation may collect personal data about an individual without the consent of the individual or from a source other2. - In this paragraph and paragraph 1(h) —3. - (1) The conditions in this paragraph shall apply if the personal data is collected under paragraph 1(p).4. - For the avoidance of doubt, personal data disclosed before the appointed day in the circumstances and conditions set out in
1. - An organisation may disclose personal data about an individual without the consent of the individual in any of the following2. - In the case of disclosure under paragraph 1(c), the organisation shall, as soon as may be practicable, notify the individual3. - (1) The conditions in this paragraph shall apply to personal data disclosed under paragraph 1(p).4. - Paragraph 1(q) shall not apply unless —5. - For the avoidance of doubt, personal data collected before the appointed day in the circumstances and conditions set out in
(2) An organisation is responsible for personal data in its possession or under its control.
(a) personal data about the individual that is in the possession or under the control of the organisation; and
(1) An individual may request an organisation to correct an error or omission in the personal data about the individual that is in the possession or under the control of the organisation.
(4) When an organisation is notified under subsection (2)(b) or (3) of a correction of personal data, the organisation shall correct the personal data in its possession or under its control unless the organisation is satisfied on reasonable grounds that the correction should not be made.
(5) If no correction is made under subsection (2)(a) or (4), the organisation shall annotate the personal data in its possession or under its control with the correction that was requested but not made.
An organisation shall protect personal data in its possession or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
(3) For the purposes of this Part, if a specified message is sent and at the relevant time the telecommunications device, service or network from which it was sent was controlled by a person without the knowledge of the owners or authorised users of the telecommunications device, service or network, the owners or authorised users shall, unless the contrary is proved, be presumed not to have sent the message and not to have authorised the sending of the message.
(4) In subsection (3), “control” means either physical control or control through the use of software or other means.
