Submitted by admin on Mon, 04/27/2015 - 09:19 Published on Jan 24, 2015THE Personal Data Protection Commission agrees with Mr Leong Kaiyan that organisations should take security measures to protect personal data in their possession or control, which is one of the obligations under the Personal Data Protection Act ("Still long way to go in beefing up cyber security"; Jan 4). In addition, when collecting, using or disclosing an individual's personal data, organisations have to notify and obtain the consent of the individual, unless an exception applies. When providing customer support services, organisations may request that customers provide certain personal data in order to verify their identities. As a good practice, organisations should explain to their customers, when speaking to them over the phone, the purposes for which they require their personal data. Organisations should also ensure that they do not over-collect personal data during the verification process. Under the Act, organisations also have to make information about their personal data protection policies, practices and complaint processes available on request. The Commission has been reaching out to organisations to inform them of their obligations under the Act through briefings, workshops and seminars for the past 18 months, even before it came into full effect in July last year.