Personal Data is any data where the identity of a person can be ascertained
It can be any information that relates to the identity of a person. This information can be direct or indirect or it can be a collection of data which leads to the identification of a specific person. All factors in the data should lead to the identification of an individual to constitute to be personal data.
Technology these days generate a great amount of data about any individual through online transactions like credit card payments or account opening, and a business will need the consent to collect, use or disclose personal data.
Where personal data is anonymised, encrypted, de-identified, pseudonymised or hidden in any way but a person can still be identified, it is still considered personal data. However, if the personal data has been anonymised such that the anonymisation is irreversible and the individual is no longer identifiable, such data is no longer personal data.
Regulations relating to Personal Data
Singapore Personal Data Protection Act 2012
In Singapore, the Personal Data Protection Act 2012 (PDPA 2012) defines personal data as “… data, whether true or not, about an individual who can be identified from that data, or from that data or other information to which the organisation has or is likely to have access”.
In neighbouring countries, similar legislation have been enacted.
The Personal Data Protection Act 2010 (Act 709)
The Personal Data(Privacy) Ordinance (Cap. 486) (Ordinance)
The Personal Data ProtectionAct, B.E. 2562 (2019)
Data Privacy Act of 2012
Law on Cybersecurity
Indonesia’s data privacy legislation is a combination of the Electronic Information and Transactions (EIT) Law (Law No. 11 of 2008), Amendment (Law No. 19 of 2016), Regulation No. 82 of 2012 (Reg. 82) and Regulation No. 20 of 2016 (the MOCI Regulation)