PDPA Alert: Data Breach Notification
InsiderTAPS Oct 2021
Download PDF File
While there is still no mandatory data breach notification required under the Personal Data Protection Act 2010 (“PDPA”), the Department of Personal Data Protection (“DPDP”) has recently in October 2021 placed an advisory regarding data breach notification on its official website (see here) for the purposes of promoting and encouraging data users to report any data breach incident involving personal data to the Personal Data Protection Commissioner (“Commissioner”) within 72 hours of becoming aware of the breach and to provide the following information in the data breach notification:
- particulars of data user and contact details of the person giving the notification;
- details of the data breach (including a summary of the incident, the amount and type of data that has been compromised, the estimated number of affected data subjects, the potential harms caused by the incident and the security measures or controls currently in place);
- details of any actions taken to contain the breach or recover any lost data and minimise the damage of the breach (such as the procedures or instructions in place to minimise risks to security of data or restoration of data via back-up servers or tapes, etc.); and
- whether the notification has been made to other parties (namely, the regulators and law enforcement agencies, affected parties, data processors and other overseas data protection authorities).
The data breach notification can be done online through the Personal Data Protection System (see here) established by the DPDP or by submitting the completed data breach notification form (available here) to the Commissioner by post or email.
It is pertinent to note that a mandatory data breach notification has been proposed by the Commissioner at public consultation to be introduced in the upcoming amendments to the PDPA (see public consultation document available here) which are aimed at strengthening the effectiveness and practical implementation of the PDPA whilst aligning it to international standards. The proposed amendments have yet to be tabled in Parliament.
Lee Lin Li
T: +603 2050 1898
Chong Kah Yee
T: +603 2050 1831