insights Archives - AT Law Practice LLP

Clients may now engage lawyers in Singapore under conditional fee agreements – Part Two

Leave a Comment / insights / By atlawpractice

This is the second part of a two-part article on the recent law passed in Singapore on allowing conditional fee agreements. Basic information about CFAs such as what are CFAs and in what situations CFAs can be used in Singapore is contained in part one of this article.

Ministry of Law in its press release in Nov 2021 which was issued in line with its introduction of the relevant Bill explained the reasons for initiating this change in Singapore law that now permits CFAs in certain situations:

CFAs will enhance access to justice especially for businesses and individuals who may otherwise not pursue meritorious claims;
CFAs may discourage lawyers from pursuing weak and frivolous claims since they risk receiving no or much lower fees if the claim is unsuccessful;
Singapore lawyers will be better able to compete with lawyers in other jurisdictions who are already able to offer CFAs to their clients.

We must remember that a CFA is just a type of contract between the lawyer and his/her client regarding his/her fees. As such, CFAs must be in writing and signed by the client.

CFAs are not intended to replace traditional fee structures. Fees charged under CFAs are still subject to professional conduct rules against overcharging.

CFAs also do not absolve a lawyer from his/her professional conduct obligations to the client such as, advising his client if there is a high likelihood of getting a greater sum of damages through litigation rather than accepting the settlement offer on the table.

There will be safeguards that the Ministry of Law will introduce for the CFA framework via subsidiary legislation such as information that the lawyer must provide to his/her client before entering the CFA with the client, terms and conditions of a CFA etcetera.

In a recent press article Mr. Tong was quoted as explaining that in Singapore as the CFAs do not apply to indigent litigants for now, there is no need to impose any limits on uplift fees but if the CFA framework is expanded to cover other types of cases beyond what is permissible now, this will be a fresh consideration which the Ministry of Law will review at the appropriate time.

Read part one of this article which contains basic information about CFAs such as what are CFAs, who can use them and in what types of proceedings.

Clients may now engage lawyers in Singapore under conditional fee agreements – Part One

Leave a Comment / insights / By atlawpractice

This is the first part of a two-part article on the recent law passed in Singapore on allowing conditional fee agreements. More general information about CFAs such as the benefits of CFAs and the rules that apply to CFAs in Singapore are contained in part two of this article.

In line with many popular commercial jurisdictions in the world that now permit conditional fee agreements (“CFAs”) in some form, CFAs are now allowed in the Singapore legal services framework for the first time in history with the passing of the Legal Profession Amendment Act 2022. Contingency fee arrangements (where the amount of legal fees payable is a percentage or a proportion of the damages recovered for the client) are still prohibited under Singapore law.

CFAs like contingency fee arrangements were prohibited in Singapore until Legal Profession Amendment Act 2022 made CFAs legal within certain parameters only for now. CFAs are allowed under Singapore law only in selected proceedings i.e. they cannot be universally adopted in all proceedings. However, Second Minister for Law, Mr. Edwin Tong explained that the Ministry of Law is currently studying the feasibility of extending CFAs but will consider it carefully as domestic proceedings may involve more vulnerable litigants.

What is a CFA?

It is a contractual agreement between a client and his lawyer under which the lawyer agrees to receive his fees only in specified circumstances for example “no win, no fee”, “no win, less fee” or the lawyer can charge an additional amount known as “uplift” or “success fee” if the case is won.

Who can use CFAs?

Singapore law practices, certain registered foreign lawyers and foreign law practices can use CFAs.

When can CFAs be used?

Mr Tong explained in Parliament earlier this week that “the over-arching CFA framework has been designed with the flexibility to enable the framework to be expanded incrementally step-by-step after we study and we take into account views by stakeholders. The main tenet of the CFA framework has been set out in the Bill [now the Act – as the Bill has been passed] supplemented by safeguards to be prescribed under subsidiary legislation. The categories of proceedings permitted by the CFA framework will also be set out in the subsidiary legislation.”

Thus, CFAs will likely be permitted international and domestic arbitration proceedings, certain proceedings in the Singapore International Commercial Court (“SICC”) and related court and mediation proceedings. We need to wait for the relevant subsidiary legislation to find out the exact scope permitted under the current CFA framework.

Continue reading part two of this article which contains some general information about CFAs such as benefits of CFAs and the rules that apply to CFAs in Singapore.

The latest round of residential property cooling measures effective from 16 December 2021 – Part Two

Leave a Comment / insights / By atlawpractice

This is the second part of a two-part article on the recent residential property cooling measures implemented by the government to put some brakes on the heating residential property market in Singapore. Part one of this article includes the details of the new measures introduced in relation to additional buyer’s stamp duties.

Let us now take a look at the new changes introduced in relation to Loan-To-Value limit and Total Debt Servicing Ratio respectively.

Loan-To-Value limit

LTV serves as a safeguard against over-leveraging by requiring financial institutions to restrict home loans to a certain percentage of the value of the property purchased. The new LTV limit directly affects only those HDB flat buyers who are taking loans from HDB. LTV limit for HDB residential property loans from HDB was lowered from 90 percent to 85 percent.

Total Debt Servicing Ratio

TDSR limits the amount of money a person can borrow from a financial institution to purchase property. The threshold for TDSR was lowered from 60 percent to 55 percent. This effectively means that a buyer cannot borrow an amount for the purchase of property that would raise his/her total debt repayments, including any other loan and credit card debts beyond 55 percent of his/her monthly income.

In any case, most of the new measures have little to no effect on first time buyers. Also, some private property owners may choose to decouple in light of the new measure i.e an owner transfers his/her share of the home to another co-owner. This would then allow the transferor to buy a ‘first’ property under his/her name. However, owners of HDB flats cannot decouple, except under special circumstances (e.g. divorce).

Some analysts in the market feel these new measures will be ‘harder hitting’ compared to earlier rounds of cooling measures implemented by the government especially because of the greater ABSD rates. Others feel it would merely arrest the upward price momentum of both private and HDB properties.

It remains to be seen how these new measures will impact the market. Only time will tell.

Read part one of this article which includes the recent measures introduced in relation to additional buyer’s stamp duties.

Let us now take a look at the new changes introduced in relation to Loan-To-Value limit and Total Debt Servicing Ratio respectively.

Loan-To-Value limit

Total Debt Servicing Ratio

It remains to be seen how these new measures will impact the market. Only time will tell.

Read part one of this article which includes the recent measures introduced in relation to additional buyer’s stamp duties.

The latest round of residential property cooling measures effective from 16 December 2021 – Part One

Leave a Comment / insights / By atlawpractice

This is the first part of a two-part article on the recent residential property cooling measures implemented by the government to put some brakes on the heating residential property market in Singapore.

The latest round of property cooling measures effective from December 16, 2021 was introduced by the government to put some brakes on the heating property market in Singapore.

Although most people will have to agree that there were clear signs that the market was heating up, the timing of the new measures was unexpected and the gap between their announcement and their implementation – a mere 25 minutes – was even more unexpected.

For buyers of residential property, the new measures include the following:

higher Additional Buyer’s Stamp Duties (ABSD);
lower Loan-To-Value (LTV) limit; and
lower Total Debt Servicing Ratio (TDSR).

Additional Buyer’s Stamp Duties

ABSD is levied on buyers who purchase residential property.

The new cooling measures impose a flat 30 percent tax on foreign buyers for any residential property (up from 20 percent).

There has been no change for Singapore citizens (0 percent ABSD) and permanent residents (5 percent ABSD) buying their first property.

With the new measures Singapore citizens will now have to pay 17 percent (up from 12 percent) for a second residential property and 25 percent (up from 15 percent) for a third and subsequent properties. PRs on the other hand will now have to pay 25 percent (up from 15 percent) for a second residential property and 30 percent (up from 15 percent) for a third.

Entities (company or association) are looking at 35 percent ABSD (up from 25 percent) plus 5 percent non-remissible if the entity is a housing developer and the ABSD deadline is five years regardless of the size of the development.

Read part two of this article which covers the recent changes to the Loan-To-Value Limit, the Total Debt Servicing Ratio and the views of analysts about their impact on the market.

Your Legal Checklist for Start-up Success – Part Two

insights / By atlawpractice

In part two of this two-part article, we continue to look at further legal and regulatory matters to be cognisant of as well as employment matters, tax and business contracts. Click here if you would like to read part one of this article on your legal checklist for start-up success.

Competition Laws: Singapore adopted its Competition Act to ensure markets are competitive. Your start-up will benefit from building a compliance program in its business model that educates staff and management about the competition related laws to reduce the risks of potential business infringement. An effective compliance program will also protect you against anti-competition activities of rivals by raising awareness to such activities.

Anti-Money Laundering (AML): This area is governed by the Anti-Money Laundering and Terrorism Financing Act. Companies are realising the importance of evaluating money laundering risks in their organisations. Depending on the nature of your business, you may need to have the tools and techniques to implement a risk-based AML and Combating the Financing of Terrorism (CFT) program for your business.

Business Permits and Licenses: Different sectors may require specific licenses to operate. Some examples are highlighted here. Trading and shipping businesses require TradeNet licenses. Event management businesses require Arts Entertainment Licences for plays and copyright permits to reproduce copyright at events.

For fintech start-ups, the Monetary Authority of Singapore (MAS) guidelines are important to review. The FinTech Regulatory Sandbox enables financial institutions and FinTech players to experiment with innovative financial products or services in a live environment but within defined perimeters.

The application process to the industry-specific regulators is usually straightforward if you fulfil their requirements.

Employment Law
The laws in Singapore including the Employment Act are straightforward and designed to promote entrepreneurship and ease of doing business in Singapore. You may also wish to read our article on the why Singapore is attractive to investors – click here. Singapore’s government gives significant freedom to businesses and employees to negotiate mutually beneficial employment contracts (e.g. there is currently no minimum wage requirement in Singapore).

Tax
The Singapore government’s efficient tax regime for start-ups have helped the country emerge as one of the dominant start-up hubs in Singapore. Although start-ups have many tax incentives and there are numerous industry-specific tax deductions and incentives made available to businesses registered in Singapore, your business still has several tax obligations.

Corporate Tax Obligations: Singapore companies are required to declare their revenue and file Estimated Chargeable Income (ECI) with the Inland Revenue Authority of Singapore within three months of the end of their chosen financial year. ECI is the estimated taxable income of the company for the given financial year. Even if a company estimates its chargeable income as zero, it still has to file a “Nil” ECI.

Goods and Service Tax (GST): A Singapore business must register for GST if your business has a turnover of more than S$1 million in the prior 12 months or is projected to do so in the course of the next 12 months.

Business Contracts
Depending on what business you intend to carry out, you will need specific legal contracts to protect your company. Some example agreements which most businesses require include shareholders agreements, employment contracts, investment agreements, non-disclosure agreements, company constitutions, independent contractor services agreement and IP assignment or licensing contracts. It is wise to resist the urge to draft your own agreements especially if you are new to the area or lack specialist experience in it, just to save some money. More often than not, poorly drafted agreements will backfire, and disagreements could end up costing a lot more than what you initially tried to save.

Contact Us
If you would like to receive legal advice on setting up your business, protecting your IP rights, drafting relevant contracts required for your business or on compliance issues, please approach our experienced and affable team at AT Law Practice LLP – click here.

Your Legal Checklist for Start-up Success – Part One

insights / By atlawpractice

So, you have an incredible business idea. You now want to make this intangible idea produce tangible returns. However, you just do not know where to start! Well, this article will shed some light on the various legal issues start-ups in Singapore should look out for and point you in the right direction, starting with your recommended business structure.

Business Structure
There are various types of business entities you can register to start your business – sole proprietorship, partnership, limited liability partnership, limited partnership company and private limited company. Irrespective of the type of entity you register, all of them are governed by the Singapore Companies Act and they have to comply with the Inland Revenue Authority of Singapore (IRAS) and Accounting and Corporate Regulatory Authority (ACRA) rules and regulations.

Registering a private limited liability company is the most popular route taken by start-ups in Singapore. There are many reasons for this – the security of limited liability in the event the business fails to flourish, no requirement for any substantial capital requirements, the ease with which one can set up a new company in Singapore and the ease with which new investors can be brought into the company. Private limited liability companies also enjoy certain tax benefits.

Protecting Intellectual Property (IP) Rights
The protection of your brand name, inventions, designs, symbols and images used in commerce all fall under IP laws. The intangible nature of IP makes it unique compared to other forms of property. Although you can gate your house to prevent others from entering, what can you do if another company tries to use your unique brand design? Proper registration will give you the right to stop others from using identical or similar designs, reducing counterfeits at the same time.

Aside from that, another reason to secure your IP rights is to use it as a foundation to build your brand. Trademarking your brand name or design will allow you to use it for marketing any product or service, significantly increasing awareness towards your brand, making marketing easier for you. This in turn adds value to your company as investors usually pay for goodwill of a brand.

Corporate Governance
Once your company is registered and its IP is protected, your start-up needs to comply with various corporate rules, practices and processes to stay within the boundaries of the law. Below is just a basic summary of some aspects of corporate governance for your business.

Annual General Meeting (AGM): The Companies Act dictate that Singapore companies must hold an AGM once every calendar year to present its financial accounts. The first AGM should take place within 18 months from the date of incorporation. Any changes you make to your company structure at the AGM such as a change in the shareholders, change of directors, company name change, change of address, etc. must be lodged with ACRA – within 14 days in most cases.

Accounting Standards: All Singapore companies must comply with the Singapore Financial Reporting Standards (SFRS). Small or medium-sized business can just follow the ‘SFRS for small entities’ (set up by the government) which is a set of streamlined compliance requirements to ease the burden on small businesses.

You are required to keep your business records and accounts for a period of at least five years. Otherwise, there could be financial penalties.

Legal & Regulatory Compliance
Other than corporate governance, there are also legal and regulatory guidelines to follow when managing your business.

Personal Data Protection: The Personal Data Protection Act (PDPA) has two separate mechanisms for the protection of personal data in Singapore: Do Not Call (DNC) provisions and the data protection provisions for a business. Businesses are required to nominate a person in the role of data protection officer (DPO) to ensure that their company complies with the PDPA and its regulations. This includes a privacy policy, internal processes and procedures including adoption of adequate security measures and training for employees, among other things.

Click here to continue reading part two of this article on your legal checklist for start-up success. If you would like to receive legal advice on setting up your business, protecting your IP rights, drafting the relevant contracts required for your business or on compliance issues, please approach our experienced and affable team at AT Law Practice LLP – click here.

Singapore is a very attractive location for foreign direct investment – Part Two

insights / By atlawpractice

This is part two of a two-part article which explores the reasons why Singapore is a very attractive investment destination for foreign investors looking to spread their eggs in more than one basket. Continued from Part One (please click here if you wish to access Part One of this article) …

Singapore has several free trade zones that are open for local enterprises as well as foreign companies to take advantage of. These opportunities are leveraged for storage, repacking and export activities. It also has free zones and industrial parks which are very attractive to foreign investors.

Singapore is very appealing for European investors who can obtain EORI numbers and start trading with companies in the European Union. However, before starting a business as an overseas entrepreneur, it is important to understand the legislation on investment in Singapore.

Singapore retains its competitive edge for property investment despite property investors having been directly impacted by the different rounds of cooling measures implemented by the government. It is widely recognized that these measures have been put in place to prevent a property bubble from forming. Although initially there was some impact but now these measures are widely seen as a plus to help ensure their investment property will continue to hold its value in the long run in Singapore.

The best starting point for any foreigner investor interested in setting up a business in Singapore is to reach out to the Singapore Trade Development Board which promotes FDI and the Singapore Economic Development Board (EDB) which provides incentives to foreign investors setting up operations/businesses in Singapore.

The EDB, a government agency under the Singapore Ministry of Trade and Industry, is responsible for strategies that enhance Singapore’s position as a global centre for business, innovation, and talent. EDB supports investment promotion and industry development, and works with international businesses, both foreign and local, by providing information, connection to partners and access to Singapore government incentives for their investments. To get more information about the EDB and contact details of its offices across the world, visit their website at www.edb.gov.sg

In the EDB’s “EDB Year 2020 In Review” report the EDB explained, “According to the United Nations Conference on Trade and Development (UNCTAD), global foreign direct investment (FDI) flows fell 49% in the first half of 2020. It expects a 30% to 40% decline in FDI flows for the full year. However, many companies proceeded with their investment plans in Singapore because of our strong fundamentals, including our value proposition as a trusted and connected place to do business; the economic potential of Southeast Asia and Asia; and EDB’s long-standing engagement of the companies. With the pace of digitalisation accelerated by COVID-19, digital capabilities were also built across sectors to facilitate the development of new digital technologies and advanced manufacturing adoption. In addition, EDB made progress in promoting innovation and the creation of new businesses and products, and the development of new areas of opportunity such as Agrifood and Mobility…EDB will continue to strengthen our fundamentals that have been driving business interest in Singapore. These include opportunities from: Asia and Southeast Asia; digitalistion and the digital economy; innovation; the deep skills of our workforce; the ecosystem of suppliers locally and in the region; our connectivity and open trading posture; and our business-friendly and rules-based environment.”

A recent incentive from EDB is Tech.Pass which is an expansion of the Tech@SG programme that was launched by EDB and ESG in 2019. On 12 November 2020, EDB announced plans to launch Tech.Pass, a targeted programme to attract founders, leaders and technical experts with experience in established or fast-growing tech companies, so as to contribute to the development of Singapore’s tech ecosystem.

Tech.Pass allows pass holders flexibility in the participation of activities such as starting and operating a business, being an investor, employee, consultant or director in one or more Singapore-based companies, mentoring start-ups and lecturing at local universities.

Tech.Pass has been open for application since January 2021, with 500 places available upon launch. The pass will be valid for two years in the first instance, with a one-time renewal for a subsequent two years. The consideration for renewal at the end of two years will depend on meeting the renewal criteria.

It is expected that Singapore will endeavour to maintain its competitive edge for foreign direct investment and continue to shift the dial from low cost to skilled work-force investment destination.

If you are keen to find out more about the framework in Singapore for setting up a representative office of your existing business, setting up a new business or investing in one or more businesses in Singapore, please contact our experienced senior lawyers at AT Law Practice LLP for a short complimentary call or meeting – click here.

Singapore is a very attractive location for foreign direct investment – Part One

insights, Uncategorized / By atlawpractice

This is part one of a two-part article which explores the reasons why Singapore is a very attractive investment destination for foreign investors looking to spread their eggs in more than one basket.

Since independence, the Singapore Government has always put efforts to attract foreign direct investment (‘FDI’) and worked in creating an environment (such as financial stability, excellent infra-structure, telecommunication facilities, banking system, pro-business legislation, administrative efficiency when dealing with regulatory and other administrative bodies, intellectual property protection regime, English speaking highly skilled workforce, strong political leadership and sound economic fundamentals) that helps them flourish. This resulted in Singapore being one of the easiest cities in the world to do business in and it is one of the countries with the most open economy.

Its very beneficial geographical location can be leveraged to reach into big markets of Asia. Additionally, Singapore is well positioned for businesses that use Singapore as a mid-way point to repackage goods moving across the globe.

Moreover, Singapore has developed a lot technologically in recent years and this has helped Singapore enhance its standing even further as an attractive location for foreign investors. Areas to consider in light of this advantage would be technological innovations, digital communications, fintech (financial technology), medical technology, biotechnology, healthcare, precision engineering etcetera.

Singapore has a very favourable tax system due to its low corporate tax rate and the extensive network of double taxation treaties with over 80 countries. There are numerous industry-specific tax deductions and incentives made available to businesses registered in Singapore including for the maritime sector, financial and banking sector, research and development.

Some of the general tax incentives and measures which are highly attractive to foreigners include one of the lowest corporate tax rates in the world plus tax exemptions for specified quantum of chargeable income, higher tax exemptions for newly incorporated companies, no capital gains tax, no withholding tax on post-tax dividends paid from Singapore, shareholders are not taxed on dividend income from a Singapore tax resident company, a company’s foreign source income is not taxable in Singapore until such income is received or deemed received in Singapore and companies in Singapore can also benefit from tax exemption on foreign-sourced dividends, foreign branch profits and foreign-sourced service income if certain conditions are met.

Singapore also grants tax breaks to companies in the trading sector to help them go regional and international.

Please continue to read the rest of this article by clicking here to access Part Two of this article.

Main changes under the Personal Data Protection (Amendment) Act 2020 that affect your business

insights / By atlawpractice

With the rapid shift into a data-centric society, data has become even more valuable today’s digital economy. The growth of the Internet of Things (IoT), the introduction of 5G and the rise of artificial intelligence has created an exponential increase in the volume of data generated, used, collected and processed all around the world. Singapore’s Personal Data Protection (Amendment) Act 2020 (“PDPA Amendment”) seeks to keep up with these changes and align itself with stricter international standards like the General Data Protection Regulations (GDPR).

Even though you and other SMEs might see an increase in operating costs to comply with these new amendments, it far outweighs the cost of any potential data breach. Not only have the fines for breaches been increased with this Amendment (up to 10% of annual gross turnover in Singapore, or SGD 1 million, whichever is higher), but it will also take more time to restore your company’s reputation and credibility once it has been publicly fined and flagged out.

This article will take you through some of the main changes in the PDPA Amendment.

Mandatory Data Breach Notification Requirement

Before this PDPA Amendment, the Personal Data Protection Commission (PDPC) encouraged organisations to make voluntary notifications on occurrences of data breaches. However, this Amendment has made it an express requirement to do so within 3 calendar days.

The PDPC has prescribed in regulations (the “Regulations”) the personal data that is considered likely to result in significant harm to affected individuals if compromised in a data breach. If a data breach occurs in your organisation which would result in or be likely to result in significant harm to affected individuals, your organisation is required to notify the affected individuals and the PDPC.

If a data breach occurs in your organisation on a significant scale, you would also have to notify the PDPC. Where a data breach involves 500 or more individuals, this amounts to a significant scale and the organization is required to notify the PDPC even if the data breach does not involve any personal data prescribed by the PDPC in Regulations.

New Data Portability Obligation

In a bid to match up to the requirements of the GDPR, this PDPA Amendment introduces a new data portability obligation to give customers more autonomy over their personal data, enabling them to switch to new service providers with less hassle. It will also support the development of new, innovative and personalised services as organisations will have more access to data.

Under the data portability obligation, an individual may request (data porting request) an organisation (porting organisation, e.g. Starhub) to transmit applicable data specified in the request to another organisation (receiving organisation, e.g. Singtel).

However, an organisation’s portability obligation will only apply to:

requesting individuals with an ongoing relationship with the organisation;
receiving organisations with a presence in Singapore, regardless of the location of stored data; and
data (in a machine-readable format) which is provided by the individual or data about the individual created in the course of the individual’s use of the relevant product or service.

Ban on Dictionary Attacks and Address Harvesting Software

Under the Do Not Call Provisions of the PDPA, the sending of unsolicited messages to telephone numbers using dictionary attacks and address harvesting software will now be prohibited.

If your organisation has been utilising such software, you should start making alternative arrangements.

Expanded Rules on ‘Deemed Consent’

Your organisation may now disclose personal data of an individual to another organisation without expressly obtaining the individual’s consent with regard to two additional areas:

Contractual necessity- when the processing of personal data is reasonably necessary for the performance of a contract; and

Notification and opt-out – where individuals have been reasonably notified and given a reasonable period to opt out. Here your organisation has to conduct assessments on the risks of collecting, using and disclosing personal data and establish reasonable measures to eliminate such risks before actually collecting, using and disclosing such personal data. Individuals still retain the right to withdraw their consent subsequently.

Do take note that these expanded rules on deemed consent do not apply to sending direct marketing messages to individuals. That still requires express consent.

Conclusion

It now a legal requirement in Singapore for businesses to take note of and comply with data protection practices and obligations as part of overall legal compliance. You may wish to read our article of a case study where a cosmetics company was fined for failing to meet its obligations under the PDPA – click here. For the full extent of how the PDPA Amendment affects you and your business or any other aspect of compliance with the PDPA, please get in touch with the helpful team at AT Law Practice LLP – click here.

Fined for Breaches of PDPA Obligations – Bud… Bud… Bud… I Did Not Know!

insights, Uncategorized / By atlawpractice

The “I did not know I needed one” defence was used by the management of Bud Cosmetics in Re Bud Cosmetics Pte Ltd (2019) SGPDPC 1 when investigated about its data protection policies. This “defence” was of course, swiftly rejected by the Personal Data Protection Commission (PDPC) as the Commission stated that ignorance of the law is no excuse.

If you own a business, make sure you are not only fully aware of the Personal Data Protection Act (PDPA) passed in 2012 which contains compliance requirements for protecting personal data in Singapore, but you are also taking steps to actually comply with these requirements (we have posted another related article on recent amendments to the PDPA in 2020 – you may check out that article here). The Bud Cosmetics case is a good example of what happens if you do not do so.

Background
Bud Cosmetics operated a membership program which is typical for businesses to generate customer loyalty. Bud Cosmetics, again typically, sent out email blasts and newsletters to members who signed up after providing their personal details.

Subsequent to receiving a complaint from an affected individual about an exposed data list on the internet containing personal data of members (including the complainant’s) of Bud Cosmetics membership program, the PDPC investigated and concluded that Bud Cosmetics were in breach of several of their obligations under the PDPA.

Fined for Breaches of PDPA Obligations

Bud Cosmetics had an obligation under the law to comply with the PDPA and its regulations and they had failed to do so.

PDPC’s investigation resulted in Bud Cosmetics getting fined for breaching three sections of the PDPA, namely sections 12a, 24 and 26.

Section 12a requires an organisation to develop and implement policies and practices that are necessary for it to meet its data protection obligations under the PDPA and to communicate to its staff information about such policies and practices.

Section 24 requires an organisation to protect personal data in its possession or under its control by taking reasonable security measures to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.

Under section 26 of the PDPA, unless otherwise exempted, an organisation shall not transfer any personal data to a country or territory outside Singapore unless it ensures that each such receiving organisation provides a standard of protection to personal data that is comparable to the protection under the PDPA.

Insufficient Policies and Practices to Protect Personal Data
Although Bud Cosmetics had a privacy policy on their website, they only published their privacy policy because they saw many other companies do so. Their explanation was “I did not know about the legal obligations”. They assumed (wrongly) that the PDPA only contained provisions about the Do Not Call Registry- preventing them from sending marketing messages to registered Singapore numbers.

Furthermore, although Bud Cosmetic’s privacy policy notified customers as to how they would use and process the data subjects’ personal data, it did not mention how the company’s employees were going to handle their customers’ personal data.

Employees who are not informed of any requirement to protect personal data certainly cannot be expected to do so. Employees need proper data protection training, which Bud Cosmetics had not provided.

Absence of Adequate Security Measures to Protect Personal Data

Furthermore, Bud Cosmetics failed to consider whether the security of its website and technological systems was adequate and did not put in place any security measures to protect personal data in its possession. They said this was because they were unaware of the PDPA obligations at the time of the incident and therefore did not have such measures in place.

Remember even if you just own a small business, you still have to ensure the security of your systems and the protection of personal data in your possession or under your control.

Obligations when you Transfer Personal Data Overseas
Originally Bud Cosmetics engaged an Australian based service provider to host their membership program data list and subsequently they engaged a US based service provider to host the said data. Thus they transferred personal data outside Singapore without considering, as they should have, if the laws in the country where their service provider is based provided a standard of protection to personal data that is comparable to the protection under the PDPA.

If your business is transferring data to overseas hosting servers, please take note if the laws in the receiving country are comparable or better than that of the PDPA. If they are not, please include contractual obligations for the hosting servers to provide protection comparable to the PDPA. You might be pleased to note that with recent amendments to the Act, companies can now look for overseas hosting servers/organisations with “specified certification”. Overseas receiving organisations which have either of the two specified certifications, namely the Asia Pacific Economic Cooperation Cross Border Privacy Rules (APEC CBPR) System and the APEC Privacy Recognition for Processors (APEC PRP) System,automatically satisfy the PDPA’s section 26 obligation.

Conclusion
If you own a business, please learn from the lessons the Bud Cosmetic case provides. It is better to be safe than sorry when it comes to protecting important personal data of your customers. If you need support with this, please approach our helpful team at AT Law Practice LLP – c lick here.

insights

Contact Us

Quick Links