MARKETPLACE AND CUSTOMERS

Investing in Data Protection

In Singapore, the full Personal Data Protection Act (PDPA) came into effect in July 2014. The data protection law comprises various rules governing the collection, use, disclosure and care of personal data. The Do Not Call Registry, which came into effect in January 2014, allows individuals to register their Singapore telephone numbers to opt out of receiving marketing phone calls, mobile text messages such as SMS or MMS, and faxes from organisations.

We conform to the PDPA and have invested S$2 million to this effort. The steps that we have taken include the following:G4-15

• New policies have been developed for all staff to ensure that we meet the PDPA requirements.
• All employees must undergo mandatory training related to PDPA.
• Customers also expect our partners to protect their information, and we have introduced measures to ensure that our vendors and partners are PDPA-compliant.
• We have launched a feature on our customer portal to offer customers more control of what data can be used. They can select channels for receiving marketing messages from Singtel and our partners.
• A Data Protection Governance Committee, chaired by our Data Protection Officer, has been created to ensure that Singtel maintains full compliance with the PDPA.

We will continue to introduce measures to protect our customer privacy, for example, through compliance checks on our daily operations, and will work closely with our offshore and outsource partners. We will also continue to refine internal guidelines and drive awareness of the importance of privacy protection across the Group.

Optus reported three data privacy incidents in 2014 to the Office of the Australian Information Commissioner (OAIC), including what we did to address the specific incidents and improve our overall processes. On 26 March 2015, Optus committed to continuous improvement through offering an enforceable undertaking to the OAIC.

We did not record any substantial case of privacy breach in Singapore.PR8