The Singapore Personal Data Protection Commission has published its response to feedback collected during a public consultation process related to alternatives for collecting, using and disclosing personal data; in addition to a mandatory data breach notification requirement. The PDPC said it intends to amend its consent framework to incorporate the Notification of Purpose approach, where organizations may collect, use and disclose personal data merely by providing a form of appropriate notice and a mechanism to opt out. Regarding the breach notification requirement, the PDPC stated that the time frame for the breach notification obligation commences after an affected organization first becomes aware that an information security incident occurred, and then it has 72 hours to report the incident to the affected individuals and the PDPC.
