Professor (Adjunct) Steve Tan, Partner and Deputy Head of the Technology, Media & Telecommunications Practice and Director of Rajah & Tann Technologies and Rajah & Tann Cybersecurity, has contributed an article titled “Understanding and Operationalising Singapore’s Mandatory Data Breach Regime” to the October 2022 Newsletter of the Association of Information Security of Professionals (AiSP). The article provides a holistic interpretation of the mandatory data breach notification regime under Singapore’s Personal Data Protection Act (“PDPA“), tied to organisations’ operationalisation of the same. The data breach notification obligation under the PDPA requires organisations to notify Singapore’s data protection regulator, the Personal Data Protection Commission (PDPC), and/or affected individuals, upon the occurrence of a data breach, if one of two notification thresholds is met. The article analyses the concept of a data breach under the PDPA, the notification thresholds as well as the statutory timelines involved.
With high statutory fines under the PDPA and robust enforcement of this legislation, it is in the interest of organisations subject to the PDPA to understand the requirements of this data breach notification regime.
For more information, click here to read the full Authored Publication.