Latest Articles

The much discussed Cybersecurity Act 2018 (Act. 9 of 2018) (the Act), which was passed by the Singapore Parliament on 5 February 2018, came into force on 31 August 2018 [1]. The new law creates a regulatory framework for the monitoring and reporting of cybersecurity threats to essential services in Singapore through the appointment of the Commissioner of Cybersecurity.  It also creates a licensing regime that will require certain data security service providers in Singapore to…
On 1 February 2018, Singapore Personal Data Protection Commission (PDPC) released its response to feedback on its public consultation on approaches to managing personal data in the digital economy, which took place in Q3 2017 (the Public Consultation). The purpose of  the Public Consultation, was to seek public feedback on proposed changes to Singapore’s data protection regime, the Personal Data Protection Act (PDPA).  The key proposed changes to the PDPA include the relaxation of the…
The Singapore Parliament passed the much discussed Cybersecurity Bill (the Bill) on 5 February 2018 and it is anticipated that the new law will come into force soon.[1]   The new law creates a regulatory framework for the monitoring and reporting of cybersecurity threats to essential services in Singapore through the appointment of the Commissioner of Cybersecurity.  It also creates a licensing regime that will require certain data security service providers in Singapore to…
In a bid to keep pace with advancements in the technological landscape, the Singapore Government has in recent months embarked on public consultations on its draft Cybersecurity Bill (the Cyber Bill) and its proposed amendments to Singapore’s Personal Data Protection Act (PDPA) to update the country’s data protection regime. These changes will have a significant impact on how companies manage personal data and secure their information systems. This article seeks to summarise the proposed changes…
Overview: On 10 July 2017, the Singapore Government unveiled its draft Cybersecurity Bill (the Bill) and announced a public consultation to seek views and comments from the industry and members of public. The public consultation runs from 10 July to 3 August 2017.This Bill comes on the back of various moves by the Singapore Government to strengthen its approach to cybersecurity, starting with the setting up of the Cyber Security Agency (CSA) in April 2015,…
Overview: On 10 July 2017, the Singapore Government unveiled its draft Cybersecurity Bill (the Bill) and announced a public consultation to seek views and comments from the industry and members of public. The public consultation runs from 10 July to 3 August 2017. This Bill comes on the back of various moves by the Singapore Government to strengthen its approach to cybersecurity, starting with the setting up of the Cyber Security Agency (CSA) in April…
Singapore’s Ministry of Home Affairs has announced amendments to the Republic’s cybersecurity laws, i.e. the Computer Misuse and Cybersecurity Act (CMCA), after a series of high-profile cyberattacks in recent years. The Computer Misuse and Cybersecurity Amendment Bill (the Bill), which will be discussed when Parliament sits on 3 April 2017, introduces four key changes to the CMCA: Making it an offence to obtain, retain or supply personal information obtained through cybercrime Making it an offence…
Singapore’s financial regulator, the Monetary Authority of Singapore (MAS), has launched guidelines for its FinTech Regulatory Sandbox, which is now open for applications. The regulatory sandbox is available to financial institutions or any interested firm that wishes to experiment with innovative financial services in a production environment but within a defined space and duration. The guidelines explain the objectives of the regulatory sandbox and provide guidance on the application process including: A template application form;…
The Monetary Authority of Singapore has released its new outsourcing guidelines to financial institutions, which apply to existing outsourcings. Financial institutions have until 27 October 2016, to carry out a self-assessment of all existing outsourcing arrangements against the new guidelines. The guidelines also cover the use of cloud services and a revision to the definition of “material outsourcing arrangement”. For further information on the requirements of the new guidelines please read our full update.…
The Office of the Privacy Commissioner for Personal Data (PCPD) announced on 1 December 2015 that it has commenced an investigation on a data breach incident of VTech Holdings Limited (VTech), a Hong Kong stock exchange listed supplier of children’s learning products that is based in Hong Kong. The scope of the data breach is unclear, but it is likely that data subjects other than Hong Kong residents are affected. It was reported that the…