Public disclosure and notification of companies’ security breaches will “inevitably” be part of discussions in future amendments to Singapore’s upcoming Data Protection Act, as the country looks to keep in line with more mature jurisdictions.Notification of security breaches by companies is already a part of several jurisdictions such as with the European data protection and America’s data protection directive.Singapore is relatively new with its data protection bill not officially enacted yet, therefore it will look to countries with more mature laws for adequacy, or giving its citizens similar level of data protection. Currently, it is not mandatory for organizations to issue data breach notifications. For example, if a Singapore company with international operations is breached, they would have to disclose the breach in countries such as the U.S. where the data protection law states the company has to notify them. However, they do not have to disclose it in Singapore. This could affect companies and the way they do business because of differing regulations, while citizens may question inconsistencies between the local government and those abroad.
Read more