Earlier this month, Singapore’s Minister for Communications and Information, S Iswaran proposed revisions to the Personal Data Protection Act (PDPA). Designed to enhance consumer confidence in the security of Singapore’s digital economy and help businesses protect their operations, the changes would see businesses pay higher penalties for data breaches.
What does this mean for businesses?
Currently, businesses in Singapore face a maximum fine of $1 million in the event of a data breach. Under the proposed changes, a business would receive a fine of up to 10 percent of its annual turnover in Singapore or $1 million (whichever is higher). Iswaran has indicated that the penalty must be proportionate to the severity of the security breach and the raised cap will not take effect for at least 12 months after the Act comes into force.
If a data breach impacts 500 individuals or more, this will be classified as an incident of a significant scale. In this instance, businesses will be required to notify the Personal Data Protection Commission (PDPC) and the affected individuals if there is a significant risk of fraud or identity theft.
What do I need to do?
These changes are still being reviewed. However, this should not stop you from considering Cyber Insurance at this juncture. Some of the key coverages for Cyber Insurance include Business Interruption (subject to waiting periods) and expenses necessary for incident response. In addition, some underwriters allow for coverage of regulatory fines, as a separate buy back. If you have a Cyber Insurance policy in place and a threat is identified, you will receive a notice from the risk management provider, outlining actions to take to reduce the likelihood of a subsequent attack.
With you all the way
Overwhelmed by all the terminology? No problem! Feel free to contact Honan for an individual risk assessment and advice at any time.
Client Manager – Commercial, Honan Asia