Home Governance Singapore issues new guidelines on Data Breach Notification and Accountability

Singapore issues new guidelines on Data Breach Notification and Accountability

Singapore cybersecurity bill

In order to boost cybersecurity and tackle next-generation cyber threats, the Singapore government recently updated the guidelines on data breach notification and accountability. Unveiled by the Personal Data Protection Commission (PDPC), the new guidelines are intended to help companies manage data breaches more effectively.

As per the new procedures, which are expected to be included in the upcoming data protection act, the companies in Singapore should not take more than 30 days to complete an investigation into a suspected data breach. The companies are also required to notify the authorities about the incident before 72 hours after discovering a data breach.

The PDPC stated the businesses are required to notify authorities if a breach affects more than 500 individuals. The data intermediaries also need to report potential data breaches to their parent organization within 24 hours after identifying a security incident.

In addition, the PDPC also introduced three initiatives to support innovation and strengthen accountability among organizations – Establishing public consultation to seek opinions on proposed data portability and data innovation provisions, Introducing a new guide on Active Enforcement to drive for organizations shift from compliance to accountability, and an updated guide to managing data breaches.

“Data is a key enabler of digital transformation, but a balance must be achieved between data protection and business innovation. We are taking firm steps to position Singapore as a trusted data hub in the global Digital Economy by seeking feedback on the proposed data portability and innovation provisions, as well as test bedding data breach notification measures. The PDPC also recognizes the importance of being responsive and agile in enforcing data protection in an environment of fast evolving data use, coupled with sweeping technological advances,” said Yeong Zee Kin, the Deputy Commissioner of PDPC.

“Hence, the PDPC has converted its knowledge and experience in investigations to practical enforcement approaches in a Guide to Active Enforcement which businesses can refer to, and also updated the Guide to Managing Data Breaches,” Yeong added.

A recent research stated that cyber-attacks increased in the last 12 months, causing security breaches affecting 96 percent of Singapore businesses surveyed. According to the research report from endpoint security firm Carbon Black, 90 percent of the Singapore businesses have been breached in 2018. In its report named Singapore Threat Report, Carbon Black examined the survey results from different industries, organization sizes, and IT team sizes to show modern attacks and cyber defense landscape in Singapore region.

The Maritime and Port Authority (MPA) of Singapore recently announced the launch of its new 24/7 cybersecurity center, Maritime Cybersecurity Operations Center (MSOC). Inaugurated by Niam Chiang Meng, the Chairman of the Maritime and Port Authority of Singapore (MPA), the new center is operated by ST Engineering, a private contractor.

Designed to strengthen Singapore’s cybersecurity readiness through early detection, monitoring, analysis, and response, MSOC will conduct 24/7 monitoring services across all the port’s information infrastructure. The MSOC can detect vulnerabilities and potential threats by analyzing activities in the IT environment and respond with available technological solutions, according to the MPA.