11 May, 2015
Introduction
On 8 May 2015, the Personal Data Protection Commission (“PDPC”), in conjunction with the newly formed Cyber Security Agency (“CSA”), issued a guide to help organisations manage personal data breaches effectively (“Data Breach Guide”).1
The Data Breach Guide outlines how organisations should respond in the event of a data breach involving Personal Data.
Overview Of Contents
The steps to take involve having in place a data breach management and response plan that can be implemented immediately and that covers:
- Steps to Contain the Breach
- Assessing Risks and the Impact
- Reporting the Incident
For reporting an incident in the aftermath of a data breach, the Data Breach Guide provides useful suggestions and guidelines on:
- Contents of the notification of the data breach
- Parties who should be notified
- How and when the notification should be made
Comment
It is most pertinent to note that the Data Breach Guide has stated that “Organisations are advised to notify PDPC as soon as possible of any data breaches that might cause public concern or where there is a risk of harm to a group of affected individuals”. This seems to be the clearest indication, thus far, that the personal data protection landscape in Singapore may be evolving towards a breach notification system.
The Data Breach Guide appears to place much emphasis on the reporting of a data breach incident, but it is important for organisations to be mindful that data breach management has to be viewed and acted upon across multiple dimensions. Apart from regulatory compliance obligations, organisations must take into account the management of existing legal relationships with customers, vendors and insurers, business continuity plans and reputation issues.
End Notes:
1 https://www.pdpc.gov.sg/docs/default-source/publications-edu-materials/guide-to-managing-data-breaches-v1-0-(080515).pdf?sfvrsn=2
For further information, please contact:
Rizwi Wun, Partner, RHTLaw Taylor Wessing
rizwi.wun@rhtlawtaylorwessing.com
Jack Ow, RHTLaw Taylor Wessing
jack.ow@rhtlawtaylorwessing.com