Singapore pegs breach notification threshold at 500 data subjects – analysis

27 May 2020 - 12:00 am UTC

Singapore’s recent move to finalize its data protection law amendment raised some interesting talking points, including the mandatory notification threshold for data breaches that impact 500 or more individuals. This figure, however, should not be the sole criterion for determining reportable incidents, lawyers told PaRR.

Meanwhile, unlike the EU’s GDPR which requires entities to notify within 72 hours after “becoming aware of” a breach, it is important to note that the clock does not start until a company determines a breach is reportable … this reassures and gives room for entities to determine if a breach causes significant harm to individuals, or whether it meets the numerical reporting threshold.

PaRR subscribers can read the full article on PaRR here.

Not a subscriber? PaRR delivers global intelligence on competition law. To read this article and more, apply for a free trial below.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
player	1 year	Vimeo uses this cookie to save the user's preferences when playing embedded videos from Vimeo.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_CNXJLM77MQ	2 years	This cookie is installed by Google Analytics.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

About PaRR

News and partnerships

Contact

Singapore pegs breach notification threshold at 500 data subjects – analysis