Question

Ms Joan Pereira: To ask the Minister for Trade and Industry (a) what measures will be put in place to ensure that electricity retailers take all necessary safeguards to protect consumers' identities; and (b) what recourse do consumers have when they find that their identities have been used to sign up for electricity accounts or their identity details have been compromised.

Written reply (to be attributed to Minister for Trade & Industry Mr Chan Chun Sing)

1. Mr Speaker, all electricity retailers must comply with the Personal Data Protection Act (PDPA) when collecting, using and disclosing personal data. This includes making reasonable security arrangements to protect their data. There are additional safeguards in EMA’s Code of Conduct for Electricity Retail Licensees. For example, when signing up consumers, retailers are required to obtain the consumer’s consent or proper authorisation before entering into a contract. EMA carries out Mystery Shopper Audits to assess if retailers are in compliance with the Code of Conduct.

2. Consumers who find that their identities have been compromised, or used to sign up for electricity accounts without their consent, should first approach the retailer to resolve the issue. In the event of an unauthorised switch, consumers will be able to terminate the contract without incurring early termination charges. Consumers who encounter errant retailers can contact CASE or EMA. EMA will take action against any retailer that is found to have breached the Code of Conduct. Such retailers could be suspended from signing up new customers and can be subjected to financial penalties.

3. Consumers who have reason to believe that their personal data has been used or disclosed by a retailer in violation of the PDPA can report it to the Personal Data Protection Commission (PDPC). Retailers who breach the PDPA may be subject to financial penalties of up to $1 million.