The ASEAN Model Contractual Clauses are contractual terms and conditions that may be voluntarily adopted by companies as a legal basis for the cross-border transfer of data. The ASEAN MCCs are primarily designed for transfers of personal data between ASEAN nations, but can also be adapted with appropriate modifications for data transfers between businesses within Singapore or transfers to countries outside the Association of Southeast Asian Nations.
With effect from 1 September 2019, organizations are generally not allowed to collect, use or disclose National Registration Identity Card numbers and copies of NRIC and other national identification numbers, except in certain specified circumstances. Notwithstanding clear guidance documents issued by the Personal Data Protection Commission, it appears that some organizations continue to collect, use or disclose such national identification numbers in breach of the Personal Data Protection Act.
This data privacy update addresses the amendments to the Personal Data Protection Act, the changes to the Spam Control Act, the publication of the Cyber Security Agency of Singapore’s report on the Singapore Cyber Landscape in 2020, and the proposed new licensing framework for cybersecurity service providers.