Understanding and Operationalising Singapore’s Mandatory Data Breach Regime

Rajah & Tann Singapore Contributes an Article for Association of Information Security Professionals (AiSP): Understanding and Operationalising Singapore’s Mandatory Data Breach Regime

Professor (Adjunct) Steve Tan, Partner and Deputy Head of the Technology, Media & Telecommunications Practice and Director of Rajah & Tann Technologies and Rajah & Tann Cybersecurity, has contributed an article titled “Understanding and Operationalising Singapore’s Mandatory Data Breach Regime” to the October 2022 Newsletter of the Association of Information Security of Professionals (AiSP). The article provides a holistic interpretation of the mandatory data breach notification regime under Singapore’s Personal Data Protection Act (“PDPA”), tied to organisations’ operationalisation of the same. The data breach notification obligation under the PDPA requires organisations to notify Singapore’s data protection regulator, the Personal Data Protection Commission (PDPC), and/or affected individuals, upon the occurrence of a data breach, if one of two notification thresholds is met. The article analyses the concept of a data breach under the PDPA, the notification thresholds as well as the statutory timelines involved.

With high statutory fines under the PDPA and robust enforcement of this legislation, it is in the interest of organisations subject to the PDPA to understand the requirements of this data breach notification regime.

To read the full article, please click here.

To read more about our Technology, Media & Telecommunications Practice, please click here. For more information on Rajah & Tann Technologies and Rajah & Tann Cybersecurity, please click here.