Since the Personal Data Protection Act 2012 (“PDPA”) came into force the principle of “notification” of individuals has been enshrined in the law. However, the PDPA remained silent on how an organisation should achieve compliance.
On September 11 2014 the Personal Data Protection Commission (“PDPC”) issued a “Guide to Notification” for organisations to follow in order to ensure good practice. The Guide to Notification sets out that a notification should contain relevant information such as:
- types of personal data to be collected, used and disclosed;
- purposes of collection, use and disclosure of personal data;
- recipient of personal data;
- how an individual may withdraw consent and the consequences;
- business contact information of the data protection officer;
- how an individual may access or correct personal data.
The notification should also be clear, brief and to the point.
HireRight already operates best practice when it comes to notifying candidates as to the purposes of collection, use and disclosure of personal data and “consents” covering the above are embedded in our candidate portal. HireRight’s systems ensure that Singaporean entities can comply with these new guidelines when conducting pre-employment screening.