Date Published: 23 March 2020
(a) Privacy and data protection at the workplace
Singapore has no constitutional right of privacy, but the Personal Data Protection Act 2012 (“PDPA”) provides some measure of data privacy for employee communications.
Under the PDPA, employees’ consent is normally required before an employer collects, uses, processes or discloses their personal data unless the collection, monitoring or disclosure of information falls within one of the exemptions in the PDPA.
The first exemption is when the collection of personal data of employees is reasonable for the purpose of “managing or terminating an employment relationship” between the employer and employee. These can include:
- Using the employee’s bank account details to issue salaries;
- Monitoring how the employee uses company computer network resources;
- Posting employees’ photographs on the staff directory page on the company intranet; or
- Managing staff benefit schemes like training or educational subsidies.
While consent is not required, employers are still required to notify employees of the purposes of such collection, use or disclosure. There is no prescribed way of notification and it may be through the employment contract, an employee handbook, or notice in the company intranet.
A second common exemption is if the data collection is necessary for evaluative purposes for determining the suitability of an individual for employment or promotion etc. These may include collection, use or disclosure of data such as references from previous employers or other performance records, although note the obligation under section 20(2) PDPA to provide the other organisation with sufficient information regarding the purpose of the collection to allow that other organisation to determine whether the disclosure would be in accordance with the Act. Section 20(4) PDPA requires an organisation, on or before collecting, using or disclosing the personal data about an individual for the purpose of managing or terminating an employment relationship between the organisation and that individual, to inform the individual of:-
- that purpose; and
- on request by the individual, the business contact information of a person who is able to answer the individual’s questions about that collection, use or disclosure on behalf of the organisation.
In terms of privacy, the PDPA also applies to monitoring of employees’ communications such as emails, messages, social media and phone calls. This is because the contents of these communications are likely to constitute personal data if an individual can reasonably be identified by the information contained therein. As such, employee consent must be obtained unless an applicable exemption under the PDPA may be invoked. Consent can also be dispensed with if the collection is necessary for any investigation or proceedings, if it is expected that seeking the consent of the employee would compromise the availability or accuracy of the personal data.
Organisations should cease to retain documents containing personal data, or remove the means by which personal data can be associated once an employee leaves the company, as soon as the retention is no longer necessary for any valid legal or business purposes.
Organisations are also responsible for safeguarding the personal data of employees, and must adopt reasonable security arrangements to prevent unauthorised access, collection, use, disclosure or similar risks to the personal data.
(b) Harassment at the workplace
Workplace harassment can occur when someone at a workplace demonstrates behaviour that causes or is likely to cause harassment, alarm or distress to another party. Such behaviour can violate a person’s dignity or create an unfavourable work environment for him/her, which poses a risk to the person’s safety and health. Examples of behaviour that may be harassment include: (1) Threatening, abusive, or insulting language, comments or other non-verbal gestures, (2) Cyberbullying, (3) Sexual harassment; and (4) Stalking.
The Protection from Harassment Act 2014 (Cap. 256A) protects individuals against harassment and unlawful stalking through a range of civil remedies and criminal sanctions. However, the act places no specific obligations on employers to prevent harassment in the workplace. A Tripartite Advisory on Managing Workplace Harassment has also been published that encourages employers to: (1) Develop a harassment prevention policy, (2) Provide information and training on workplace harassment; and (3) Implement reporting and response procedures.
Please note that this section of the Employment Law Guide is a summary provided for general information purposes, aimed at aiding understanding of Singapore’s employment law as at the date of writing. It is not exhaustive or comprehensive and reading this memorandum is not a substitute for reading the text of the various statutes to fully understand the extent of the obligations owed. This guide should also not be relied upon as legal advice.
Get To Know The Authors
Pradeep acts for corporations, whether they are private or listed companies, on all aspects of their business including advice and drafting of documentation on investments, joint ventures, mergers and acquisitions and restructurings. With Pradeep co-heading the Employment and Immigration team, The Legal 500 Asia Pacific 2020 has commented that CNPLaw has “a solid reputation” for assisting local and foreign clients, who are employers or employees, with a range of issues.
Pei-Ling has over 23 years of experience in corporate and cross-border transactions, and has advised on investments, joint-ventures and commercial transactions in Singapore and Malaysia. Over the years, she has also developed a practice in the areas of data protection, technology and employment.