At the Intersection of Technology, Law, and Business
July 01, 2019 - Privacy + Data Security, Asia

Singapore Shakes Up Privacy: 72-Hour Breach Notice, New Guidance

Biometric Information as Personal Information In A Brave New World of Regulatory Compliance

The Singapore Personal Data Protection Commission (PDPC) has had a busy year and shows no signs of slowing down. In January 2019, the PDPC handed down a record SGD 1 million enforcement related to the SingHealth data breach – a breach that resulted from a cyber attack of unprecedented scale in Singapore, which saw the theft of 1.5 million personal and medical records from an electronic medical records system. Following that, the PDPC has levied financial penalties against companies small and large, posted new regulatory guidelines on breach notice timing and enforcement, and proposed key changes to data subject rights under Singapore’s Personal Data Protection Act (PDPA). We urge any company doing business in Singapore to familiarize themselves with the latest PDPC developments laid out below. 

Read our client alert.