Call for mandatory reporting of data breaches in Singapore

August 31, 2015

The Straits Times, in "Call to mandate reporting of data breaches", opines on the need for mandatory reporting.  The Straits Times is not a campaigning paper by any means, and ruffling government feathers is not in its DNA.  Quite the opposite.  The muted arguments against such laws in the short term, raised by the chairman of Singapore's Personal Data Protection Commission, mirror the dithering approach of governments in Australia to proper privacy regulation and the insipid implementation of existing regulations by the Privacy Commissioner, traditionally and currently.

Mandatory data protection is almost ubiquitous at a state level in the United States and in Canada.  It is curious that the United States has a more comprehensive data protection regulation in one respect at least.

The article provides:

Countries that legally require companies and organisations to report data breaches to the authorities are doing the right thing and the rest of the world should do the same, reporters were told yesterday.

Singapore has yet to follow the lead of mature jurisdictions such as the United States and Canada that make it compulsory to notify customers and privacy commissions when personal information is compromised.

Mr Mikko Hypponen, chief research officer at Finnish security software maker F-Secure, said it was just pragmatism.

“If your credit-card number had been stolen, you would want to know… to look out for (unauthorised) transactions. Similarly, if your password had been stolen, you would want to change it.

“The United States and Canada are doing the right thing and should be followed by the rest of the world,” Mr Hypponen noted.

He was speaking at the opening of the inaugural Data Privacy Asia conference in Singapore.

More than 100 data privacy and cyber-security experts attended the first day of the three-day conference at the Grand Hyatt Hotel.

Privacy advocate and engineer Ngiam Shih Tung, 44, supported the notion, saying that the Singapore authorities should define the parameters for organisations to report a breach so consumers affected can take precautions.

Singapore’s Personal Data Protection Act came fully into force only in July last year and does not require companies to report their data breaches.

Mr Wong Yu Han, director of strategy at Singapore’s high-level Cyber Security Agency, said measures to counter data leaks are complex. “We are looking at… revising our laws,” he told reporters at the event.

In his opening address, Mr Leong Keng Thai, chairman of Singapore privacy watchdog Personal Data Protection Commission, said: “The Act is still in the early phase of implementation and organisations require more guidance in achieving compliance.”

But lawyer Gilbert Leong, a partner at Rodyk & Davidson, told The Straits Times: “It is only a natural, logical progression to mandate data breach reporting here.”

The requirement may not be immediate as it would be “too much” for local organisations to get used to so soon.

Also in his keynote address, Mr Hypponen called for greater transparency among governments in law enforcement actions.

He added: “Governments should let citizens know how successful the (snooping) tools (they use on citizens) are in cracking crimes.”
