Add to collection(s) Add to saved
  1. Social Science
  2. Psychology
  3. Social Psychology

Singapore Telecommunications Ltd

advertisement 
SINGAPORE TELECOMMUNICATIONS LTD
SUBMISSION TO THE PERSONAL DATA PROTECTION COMMISSION OF
SINGAPORE
IN RESPONSE TO THE PUBLIC CONSULTATION ON PROPOSED BUSINESS
OPERATION OF THE DO NOT CALL REGISTRY
DATE OF SUBMISSION: 14 JUNE 2013
SINGAPORE TELECOMMUNICATIONS LTD
SUBMISSION TO THE PERSONAL DATA PROTECTION COMMISSION OF
SINGAPORE IN RESPONSE TO THE PUBLIC CONSULTATION ON PROPOSED
BUSINESS OPERATION OF THE DO NOT CALL REGISTRY
1.
INTRODUCTION
1.1.
Singapore Telecommunications Ltd and its related companies (SingTel) are licensed
to provide info-communications services in Singapore. SingTel is committed to the
provision of state-of-the-art info-communications technologies and services in
Singapore.
1.2.
SingTel has a comprehensive portfolio of services that includes voice and data
services over fixed, wireless and Internet platforms. SingTel services both corporate
and residential customers and is committed to bringing the best of global infocommunications to its customers in the Asia Pacific and beyond.
1.3.
SingTel is also a leading Internet Service Provider (ISP) in Singapore and has been at
the forefront of Internet innovation since 1994, being the first ISP to launch
broadband services in Singapore. It is licensed to offer IPTV services under a
nationwide subscription television licence granted by the Media Development
Authority of Singapore (MDA).
1.4.
SingTel welcomes the opportunity to respond to the public consultation on the
Proposed Business Operation of the Do Not Call Registry (DNCR) (Consultation).
1.5.
This submission is structured as follows:
(a)
(b)
(c)
(d)
(e)
introduction;
summary of major points;
specific comments;
other comments and clarification; and
conclusion.
Page 1 of 15
2.
SUMMARY OF MAJOR POINTS
2.1.
SingTel submits that the proposed registration and de-registration methods pose
significant difficulties to individuals who have subscribed to block or conceal the
display of his mobile or fixed line telephone number, and who have no internet access
or are not Internet savvy.
2.2.
The DNC website setup may be subject to abuse by malicious parties to generate
nuisance calls and/or SMS to others by keying in random numbers.
2.3.
The PDPC should inform individuals that calls, SMS and data usage to register with
or de-register from the DNCR may be chargeable.
2.4.
It is possible that there will be individuals who may mistakenly believe that any issues
relating to the DNCR should be referred to their service provider and therefore
contact their service provider(s); we believe it is important that the PDPC provides an
effective customer service option to customers as it is not possible that service
providers handle such calls on behalf of the PDPC.
2.5.
SingTel submits that it is not practical or reasonable to require a SingPass
authentication in order to register for an account.
2.6.
SingTel submits that one (1) main organisation account and twenty (20) sub-accounts
may not be sufficient for large organisations as there may be multiple departments
engaging in marketing activities and each department may require multiple accounts.
2.7.
SingTel submits that it is would not be accurate to provide an average quantity of
telephone numbers that SingTel may check per month as communications to
individuals would depend on a variety of factors including the service, reason for
contacting the customer, etc., which may range from less than ten (10) numbers to
over one (1) million numbers.
2.8.
Despite the various feedback given by SingTel in the public consultations, the PDPC
has not amended the definition of ‘specified messages’ such that when a single
message involves informational material (e.g. it informs customers that their service
contract is expiring or their promotional freebies are expiring and invites them to sign
Page 2 of 15
up or re-contract for services), the same message becomes a ‘specified message’ for
the purpose of the DNCR.
2.9.
SingTel notes that an organisation that wishes to strictly comply and dutifully checks
a large quantity of numbers is penalised vide higher charges.
2.10.
The PDPC has only proposed two (2) modes of payment – credit card or Internet
Direct Debit (IDD). Credit card and IDD payments are susceptible to fraud and errors
and should not be the sole modes of payment particularly for large organisations
where payment may be initiated by multiple parties. SingTel does not employ these
modes of payment today.
3.
SPECIFIC COMMENTS
Question 1: With reference to paragraphs 3.6 to 3.9, do you have any
views/comments on the proposed process of registration and deregistration? Is
the process simple and straightforward?
Individuals who subscribe to block or conceal display of their telephone number
3.1.
SingTel submits that the proposed registration and de-registration methods pose
significant difficulties to individuals who have subscribed to block or conceal the
display of his mobile or fixed line telephone number, and who have no Internet access
or are not Internet savvy.
3.2.
We recommend that the Personal Data Protection Commission (PDPC) include an
additional option in the Automated Interactive Voice Response System (IVRS) to
prompt the individual to enter their telephone number. The IVRS can then make a call
back to the individual as described in paragraph 3.6.a.ii.a regardless of whether it is a
fixed-line or a mobile number.
Online registration through DNCR website
3.3.
The website allows any individual to key in a telephone number to generate either a
One-Time Password (OTP) or a call back to that telephone number. Such a system is
subject to abuse by malicious parties who may generate nuisance calls and/or SMS to
Page 3 of 15
others by keying in random numbers. SingTel recommends that the PDPC put in place
some form of restriction on the number of calls and/or SMS that can be generated
either based on IP address or other form of identification.
Call charges
3.4.
The PDPC should inform individuals that calls, SMS and data usage to register with
or de-register from the DNCR may be chargeable.
Lead-in period
3.5.
Paragraph 3.12 states “For individuals who register their Telephone Number with the
DNC Registry within 6 month…”. It is not clear when this six (6) months period is.
SingTel suggest that the sentence be amended to “For individuals who register their
Telephone Number with the DNC Registry within the first 6 months from the
commencement of the DNC Registry…” [emphasis on proposed amendments].
3.6.
It is not clear whether the lead-in period can be shorter than that prescribed in the
Consultation. Where an organisation checks the DNCR more frequently (e.g. every
fifteen (15) days):
(a) if it finds that a telephone number has been de-registered, can the organisation
immediately contact the individual; and
(b) if it finds that a telephone number has been registered, can the organisation still
keep to the minimum lead-in period prescribed and continue to contact the
individual over the next fifteen (15) days.
DNCR point of contact
3.7.
SingTel notes that there may be an initial surge of calls to the DNCR when it
commences and would like to find out:
(a) the volume of calls, SMS and online registrations that the DNCR can receive at
any given time
Page 4 of 15
(b) whether there will be a manned IVRS option which individuals can select to speak
to a PDPC/ DNCR staff should they have any queries or encounter problems with
the registration and/or de-registration
3.8.
It is possible that there will be individuals who may mistakenly believe that any issues
relating to the DNCR should be referred to their service provider and therefore
contact their service provider(s); we believe it is important that the PDPC provides an
effective customer service option to customers as it is not possible that service
providers handle such calls on behalf of the PDPC.
Other comments and queries
3.9.
We seek the PDPC’s clarification as to whether the individual may perform a check
via all three (3) methods. And if the check is via SMS, whether the individual will
need to enter an OTP.
3.10.
We suggest that the PDPC incorporate the check into the Registration/ Deregistration
process flow diagram.
3.11.
With respect to a fixed-line number registration, where the individual is calling from a
multi-line structure, we seek the PDPC’s clarification as to which number will be used
for registration – the main number or the secondary number(s). Where the DNCR is
only able to register the main number, please advise how the individual may register
the secondary number. SingTel notes that our proposal to include an option for the
IVRS to prompt the individual to enter his telephone number may also be useful in
such a scenario.
Question 2: With reference to paragraphs 4.4 to 4.14, do you have any
views/comments on the proposed requirements for an organisation to create a
main or sub-account?
Use of SingPass
3.12.
SingTel submits that it is not practical or reasonable to require a SingPass
authentication in order to register for an account. The PDPC will appreciate that the
Page 5 of 15
SingPass is a personal security code belonging to an individual which can be used to
access to other confidential information about the individual.
3.13.
Further, there may be complications, delays and unnecessary costs incurred if the
individual linked to an account [particularly the main account] leaves the
organisation.
3.14.
SingTel proposes that the PDPC consider using the NRIC and/or a system-generated
password instead.
Other comments and queries
3.15.
SingTel notes that the user ID and password of the accounts will be sent via email to
the main account. Please confirm if the password will be encrypted and if what other
forms of control are in place to ensure the secure communication of the login
credentials.
3.16.
Further, please confirm if the account passwords will expire, and if so how long each
password is valid for.
3.17.
In the event a sub-account holder leaves the organisation, please confirm if the
organisation:
(a) is able to rename the sub-account and assign it to another staff; or
(b) is required to terminate the sub-account and create a new sub-account for use by
another staff.
3.18.
SingTel submits that option (a) is more tenable as [especially in view of the turnover
and/or staff movement rate in larger organisations] the organisation should be allowed
to re-assign the account to another staff without going through the process of
terminating the account, unnecessarily having the balance refunded, and incurring
additional expenses to create a new account.
Page 6 of 15
Question 3: In particular, are 20 sub-accounts sufficient for each main account
and do you have any views/comments on the rights and functions of the main and
sub-account holder?
3.19.
The PDPC has indicated that each organisation will be allowed to register for one (1)
main organisation account and twenty (20) sub-accounts. SingTel submits that this
may not be sufficient for large organisations as there may be multiple departments
engaging in marketing activities and each department may require multiple accounts.
3.20.
Therefore SingTel requests that the PDPC consider allowing organisations to request
for more main and/or sub-accounts.
Other comments and queries
3.21.
SingTel notes that both the main and sub-accounts have the right to purchase pre-paid
credits. We seek the PDPC’s clarification if billing for use of the DNCR will be
consolidated for all the accounts registered to an organisation and billed to the main
account, or each account will be billed separately.
3.22.
SingTel requests that account holders be given an option to view the pre-paid credit
balance for each account if it is not already available as part of the Account
Administration rights and functions.
Question 4: With reference to paragraph 4.18, do you have any views/comments
for not allowing foreign organisation to register an account with the DNC
registry?
3.23.
SingTel has no comments.
Question 5: In particular, do you have any views/comments on the proposed
methods to check the DNC registry for Singapore registered organisation that
outsourced their telemarketing activities to a foreign organisation?
3.24.
SingTel has no comments.
Page 7 of 15
Question 6: With reference to paragraph 5.1, do you have any views/comments
on the proposed methods on how to check the DNC registry?
3.25.
SingTel requests that the PDPC consider allowing organisations to submit telephone
numbers via the File Transfer Protocol (FTP) instead of through the website. Some
organisations run marketing activities fairly frequently targeting various groups of
individuals, and manually uploading the telephone numbers will be time consuming.
3.26.
SingTel also seeks clarity on whether there is a cut-off time each day to submit
telephone numbers to the DNCR.
Question 7: With reference to paragraph 6.6, what is the average quantity of
Telephone Numbers would your organisation be likely to submit for checks per
month and which would be the scheme (pre-paid or pay-per-use) your
organisation be most likely to use as the form of purchase?
Quantity of telephone numbers to check against the DNCR
3.27.
SingTel submits that it is would not be accurate to provide an average quantity of
telephone numbers that SingTel may check per month as communications to
individuals would depend on a variety of factors including the service, reason for
contacting the customer, etc., which may range from less than ten (10) numbers to
over one (1) million numbers.
3.28.
Furthermore, despite the various feedback given by SingTel in the public
consultations, it is disappointing that the PDPC has not amended the definition of
‘specified messages’ such that when a single message involves informational material
(e.g. it informs customers that their service contract is expiring or their promotional
freebies are expiring and invites them to sign up or re-contract for services), the same
message becomes a ‘specified message’ for the purpose of the DNCR. Under such
circumstances, the volumes of telephone numbers to be checked clearly will be high.
Customers can also expect to receive more communications from organisations as
messages containing information and marketing content will have to be split into
different batches. Where a customer was happy to receive such information in a single
message, the customer will not have to contend with receiving multiple messages with
related informational and marketing content which would have been more useful
Page 8 of 15
contained in a single message. SingTel provides further comments on this in a
subsequent section.
3.29.
Notwithstanding our views here, SingTel notes that the scheme penalises those who
comply vide checking large quantities of numbers. Whilst the volume of numbers
involved in the checking may reflect the scale of operations, we note that an
organisation who wishes to strictly comply and dutifully checks a large quantity of
numbers is penalised vide higher charges. SingTel asks that the PDPC considers
capping charges at a lower rung, for example:
(a) In the case of paragraph 6.6 (a), cap it at 250, 000 numbers and above where the
cost is $2,700.
(b) In the case of paragraph 6.6 (b), cap it 250,000 numbers and reduce the charges
correspondingly.
Purchase scheme
3.30.
The form of purchase is dependent on the frequency of the checks, and the volume of
telephone numbers to be checked. SingTel submits that it is too soon to give
comments on the most likely form of purchase.
Question 8: With reference to paragraph 6.7, do you have any views/comments
on the proposed modes of payment?
3.31.
The PDPC has only proposed two (2) modes of payment – credit card or Internet
Direct Debit (IDD). Credit card and IDD payments are susceptible to fraud and errors
and should not be the sole modes of payment particularly for large organisations
where payment may be initiated by multiple parties. SingTel does not employ these
modes of payment today.
3.32.
In view of the above, SingTel requests that the PDPC include telegraphic transfer
(TT) and direct debit (i.e. GIRO) as well. These are the more common forms of
payment for organisations, and allow payment to be controlled and subject to internal
checks and processes.
Page 9 of 15
3.33.
To aid payment via TT, the DNCR should provide an option for the account holder to
request a statement/ invoice containing an order number for the purchase, to ensure
that payment is made for the correct purchase and charged against the correct account.
Other comments and queries
3.34.
SingTel seeks confirmation if payment [regardless of mode of payment] will be
reflected in real time in the DNCR so that the account holder is able to immediately
proceed with checking the telephone numbers against the DCNR upon making
payment. SingTel submits that so long as the payment transaction is duly completed,
the account holder should be allowed to proceed. The account holder should not be
unnecessarily delayed should payment require several days to be processed.
Question 9: With reference to paragraphs 7.1 to 7.3, do you have any
views/comments on the proposed format of the Results and the methods of
retrieving the Results?
Proposed results format
3.35.
SingTel notes that the DNCR will check the submitted file at the point of submission
to ensure it meets the guidelines defined in Annex A (II) including that the telephone
numbers contain eight (8) digits and commence with ‘3’, ‘6’, ‘8’, or ‘9’. If the
submitted file fails any of these guidelines, it will be immediately rejected. In which
case, there will not be an instance of the DNCR returning the invalid numbers as
illustrated in paragraph 7.1.b ‘List of Invalid Numbers’ – the invalid numbers used in
the example do not meet the guidelines.
3.36.
In view of the above, SingTel seeks confirmation that a file submitted via the DNCR
website that fails to meet any of the guidelines will be rejected at the point of
submission. Please also clarify the manner in which the account holder will be
notified that the file has been rejected.
Methods of retrieving results
3.37.
SingTel notes that the Small Number Lookup only presents the results of the check on
the webpage as opposed to the downloadable file returned in a Bulk Upload. We
Page 10 of 15
request that the DNCR also return a result file for the Small Number Lookup. In the
event that the PDPC maintains the current format (i.e. to only display the results on
the webpage), SingTel suggests that there be an icon on the webpage to save the
results to the local machine to prevent instances where the organisation may
accidentally exit from the webpage without saving the results.
3.38.
The proposed Bulk Upload results retrieval involves the DNCR sending an email
notification to the registered contact person of the account used to submit the
telephone numbers to retrieve the results of the check. SingTel submits that a more
efficient method would be for the results to be emailed directly to the contact person.
3.39.
SingTel proposes that organisations intending to submit one (1) million numbers or
more on a regular basis [which will have a file size of close to or exceeding the 10MB
limit set at the DNCR] be given either the list of all telephone numbers registered with
the DNCR on a regular basis, or the initial list of telephone numbers registered with
the DNCR and subsequently the changes to the list on a regular basis at a reasonable
cost. SingTel considers such a method to be more efficient and less resource
intensive, and will free up the DNCR processing capacity to handle checks for smaller
volumes of telephone numbers.
Other comments and queries
3.40.
SingTel also seeks clarification if it is a must to use the Small Number Lookup to
check up to ten (10) numbers or if the organisation may also use the Bulk Upload to
check up to ten (10) numbers.
Question 10: In particular, do you have any views/comments on the type of file
(“.CSV”) that is proposed as the format of the Results file?
3.41.
SingTel has no comments on the use of a “.CSV” file for the results, however we seek
confirmation/ more information on the following:
(a) fields;
(b) delimiter(s);
(c) whether the headers are the same as that specified in paragraph 7.1.b ‘List of
Valid Numbers accepted and checked’ and ‘List of Invalid Numbers’.
Page 11 of 15
3.42.
SingTel requests that the “Date of Submission” be included in the results files [for
valid and invalid numbers], and that the validity period be listed next to each valid
number.
Question 11: With reference to paragraphs 8.5 to 8.7, do you have any
views/comments on the proposal to refund all balance pre-paid credits from all
the sub-accounts to the main account?
3.43.
SingTel has no comments on the proposal to refund all balance pre-paid credits from
all sub-accounts to the main account in the event that the main account is terminated.
However, it is not clear how pre-paid credits assigned to a sub-account will be
handled if the sub-account is terminated.
3.44.
SingTel seeks more clarity on whether the organisation will have the option to
transfer the pre-paid credits to the main account or to refund the amount to the bank
account designated by the organisation.
3.45.
SingTel also seeks clarification on the treatment of unutilised free credits assigned to
the sub-account (i.e. whether the free credits will be returned to the main account or
will be forfeited).
4.
OTHER COMMENTS AND CLARIFICATIONS
Submission of terminated telephone numbers
4.1.
SingTel notes that the Consultation does not cover the submission of terminated
telephone numbers by telecoms service providers and seek confirmation and more
information on the frequency for the submission of terminated telephone numbers.
The frequency of the submissions will have an impact in situations where a telephone
number is subscribed sooner than the recommended minimum quarantine period.
Data applications
4.2.
In the public consultation on Proposed Advisory Guidelines On Key Concepts In The
Personal Data Protection Act issued by the PDPC on 5 February 2013, the PDPC has
Page 12 of 15
stated that the DNCR provisions set out in the Personal Data Protection Act (PDPA)
will apply to data applications which use a Singapore telephone number and cited
examples such as ‘Whatsapp’, ‘iMessage’, and ‘Viber’. SingTel seeks confirmation if
text messages sent via such data applications will not be allowed where an individual
has registered with the DNCR.
Duty to check the DNCR
4.3.
SingTel suggests that the PDPC clearly define that the organisation required to check
the DNCR is the organisation that is marketing its goods and/or services, and not the
telecoms service provider over whose network the voice call, SMS or fax is sent. We
had in the preceding section already highlighted that it is likely that individuals may
have the mistaken impression that they should contact their service providers, in this
case the telecoms service provider, where they have issues over the DNCR.
4.4.
Telecommunications service providers are not in a position to provider answers to
individuals in relation to the DNCR. Hence, the PDPC should provide an effective
customer service option through the DNCR. This will prevent unnecessary calls from
individuals to the telecoms service providers should they have a complaint about
receiving the call, SMS or fax.
Duty to identify the sender
4.5.
Many organisations today use alpha-numeric codes or acronyms to identify
themselves instead of a valid telephone number. SingTel submits that the PDPC could
give additional clarity and/or a set of guidelines on acceptable methods of
identification. The burden to identify the sender should not be borne by the telecoms
service providers.
Meaning of specified message
4.6.
SingTel had requested for greater clarity on the meaning of specified messages in past
submissions to public consultations on the PDPA, and proposed advisory guidelines
and regulations. The definition of a specified message in relation to the following
examples remain unclear:
Page 13 of 15
(a) a communication where the sole purpose is for information
(b) a communication in which the primary purpose is for information but the
secondary purpose is arguably commercial;
(c) a communication in relation to goods and/or services that are free or without
charge;
(d) a communications which is required by law or regulations (e.g. as part of a
consumer protection initiative).
4.7.
SingTel submits that an informational message, which may include a reference to a
specific good and/or service, should not be classified as a specified message.
Individuals subscribing to certain goods and/or services are entitled to receive various
related messages which are intended to benefit the individual by offering information
on obtaining the most value out of their subscription and/or managing charges
incurred including:
(a) roaming alerts on the individual’s service usage and how to reduce costs by
taking up the right price plan;
(b) reminder messages to an individual to select the right roaming plan to reduce or
mitigate costs;
(c) welcome and/or reminder messages when the individual arrives at an overseas
destination to use the correct international access service in order to reduce or
mitigate international call charges;
(d) messages informing the individual about the expiry of a content subscription
contract term, and reminding the individual to renew the subscription;
(e) messages inviting or reminding the individual to opt-in or actively subscribe
when a free trial for their existing goods/ services ends.
4.8.
Further, where the request for more information on an organisations goods and/or
services is initiated by the individual (e.g. the individual sends an SMS requesting
information on the latest promotions, or the individual makes a *SEND call to retrieve
information on the latest promotions), the response from the organisation [which
would constitute a specified message] should be exempted from complying with the
DNCR provisions as the message was solicited by the individual.
Page 14 of 15
Contravention of the DNCR provisions
4.9.
The DNCR provisions specify a fine not exceeding $10,000 for the contravention of
Section 42 through Section 46 of the PDPA. SingTel seeks clarification as to whether
the fine is applicable on a per contravention, per line or per event basis.
Accuracy of information
4.10.
SingTel seeks clarification on the recourses available to an organisation in the event
that the organisation has made a reasonable effort to ensure the accuracy of the
information (e.g. by asking that the individual verify the information) however, the
accuracy of the information is subsequently disputed by the individual.
Obtaining clear and unambiguous consent from prepaid mobile users
4.11.
An organisation is allowed to contact an individual that has given clear and
unambiguous consent even if the individual has registered his telephone number(s)
with the DNCR.
4.12.
A subscription to a telecoms service usually requires that the individual contract with
the service provider, which provides an avenue for the service provider to obtain the
individual’s consent. However, in the case of a pre-paid mobile service only the
individual’s NRIC is registered at the point of purchase, and the individual is typically
not required to sign a contract with the service provider.
4.13.
SingTel seeks advice on how to obtain clear and unambiguous consent in compliance
with the PDPA where there is no contract between the individual and the service
provider.
5.
CONCLUSION
5.1.
SingTel requests that the PDPC consider our comments in the development of the
DNCR.
Page 15 of 15
Related documents
Brochure - Office 365_4pp
Brochure - Office 365_4pp
Factsheet - Singtel ChatVault_4pp_201504
Factsheet - Singtel ChatVault_4pp_201504
SingTel Secure Enterprise Messenger
SingTel Secure Enterprise Messenger
HOME DIGITAL LINE What Kind Of Calls Can I Make
HOME DIGITAL LINE What Kind Of Calls Can I Make
SingTel should provide clarity on pricing of its sports
SingTel should provide clarity on pricing of its sports
About 2G network closure
About 2G network closure
Turn Compliance into Opportunity
Turn Compliance into Opportunity
here - Singtel Online Gifts
here - Singtel Online Gifts
Specific Terms And Conditions for 'hi!Share International
Specific Terms And Conditions for 'hi!Share International
Download
advertisement