April

The Turkish Parliament adopted, on 24 March 2016, the Law on Personal Data Protection after over nine years of efforts. The Law is Turkey's first specific privacy and data protection legislation and its adoption follows Turkey's recent ratification of Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, 35 years after Turkey first signed it. "The enactment of the Law marks the beginning of a new era, as personal data will now be processed in compliance with the Law," said Yasin Beceni and Ipek Asikoglu,

Partner and Associate respectively at BTS Legal. In particular, the Law has been prepared to ensure protection during the processing of personal data in line with the Data Protection Directive and defines key terms. According to the Law, data controllers will be responsible for taking necessary security measures to prevent unlawful access to personal data, including carrying out or making third parties conduct audits to ensure that such security measures are taken. Data controllers will be obliged to notify the Board where they become aware of any unlawful access.

MP Sue Moroney has proposed a Privacy Amendment Bill, which would enact many of the Law Commission's recommendations by strengthening the powers of the Privacy Commissioner by empowering her office to issue compliance notices and conduct privacy audits of public and private sector agencies where this is warranted.
 
The current complaints-driven process has been criticised as it fails to address systemic privacy breaches not exposed by individual complaints while other breaches escape detection and investigation altogether. The risks to individuals of inappropriate use and disclosure of their personal information and of identity theft are compounded as a consequence.
 
The Law Commission's report also addresses several current mischiefs, such as cyber-bullying and application of the news media exemption from the Privacy Act to blogs. Especially pertinent is abuse, by individuals, of the so-called "personal use" exemption, which has allowed the posting online of much objectionable material about individuals. These matters are in urgent need of attention.

An increasing number of employers have begun demanding private login information to applicants' social media accounts.
 
In the U.S., such practices may be a breach of privacy, however, there is no law in Singapore that guarantees employee privacy. Although this may change in the future, employers now are legally free to monitor their employees through any means - including tracking Internet history, e-mails, chat sessions and file downloads. Some companies even use GPS tracking on company devices to check on employee location.
 
As a result of this lack of legislation, nothing is sacred when it comes to employee privacy - not even employees' social network accounts. Employers may not need to worry about legal ramifications, but employee privacy is still a minefield that should be approached with caution.
 
With the boundary between an employee's personal and professional line is getting increasingly unclear, it is important that HR professionals draw a line and stick to it. The best way to do this is to institute a social media policy and provide training and resources for employees to turn to.