The full names and home addresses of Singapore residents were spotted in full view of the public at the community centre (CC) at Chong Pang – a division of Nee Soon GRC. Reddit user u/leo-g posted censored pictures of posters showing the information, pasted on the windows of the CC.
The posters featured tables listing the full names, addresses, membership number and meal preference for several residents. The tables appear to contain information of residents who have signed up to participate in an event organised by the CC.
Netizens responding to the lists freely showing such personal information expressed concern and wondered whether such acts flout the nation’s Personal Data Protection Act (PDPA) laws.
According to the Personal Data Protection Commission (PDPC) – a group under the Info-Communications Media Development Authority (IMDA), which is a statutory board under the Ministry for Communications and Information – public agencies are exempt from the provisions under the PDPA.
The PDPC’s website states that “the data protection provisions in the PDPA (parts III to VI) generally do not apply to any public agency or an organisation in the course of acting on behalf of a public agency in relation to the collection, use or disclosure of the personal data.”
According to Singapore Statutes Online, the People’s Association – which runs CCs – is among the listed among the statutory bodies that are specified to be public agencies for the purposes of the Act. The People’s Association falls under the purview of the Prime Minister’s Office.
The protection of private information has been a hot topic recently, after the Ministry of Health revealed that the confidential information (like names, addresses, contact numbers and medical records) of 14,200 HIV-Positive patients and 2,400 these patients were in contact with were leaked from the HIV Registry.
These confidential records are now in the illegal possession of a foreigner who has been deported from Singapore. The foreigner has disclosed the confidential details online.
The HIV Registry leak comes less than a year after the SingHealth data hack – the most massive data breach in the history of Singapore, that compromised the confidential records of 1.5 million people, including Prime Minister Lee Hsien Loong and Emeritus Senior Minister Goh Chok Tong.