“Organisations in Singapore are now expected to take no more than 30 days to complete an investigation into a suspected data security breach and notify the authorities of the incident 72 hours after completing their assessment. These are part of new guidelines to help companies manage data breaches more effectively and are expected to be included in the upcoming amendment of the country’s data protection act.”
Businesses are expected to notify authorities if a breach affects more than 500 individuals or where “significant harm or impact” to the individuals is likely to occur due to the breach.
Data intermediaries also should report potential data breaches to their parent organization within 24 hours from when they first identify a suspected incident. “While these are just guidelines for now, with no regulatory repercussions, the commission said organisations in Singapore should make the required changes to facilitate detection as breach notification would be made mandatory as part of the upcoming amendments to the Data Protection Act.”