Data Breach Management, Response and Notification
Singapore’s Personal Data Protection Act 2012 (PDPA) requires organisations to implement reasonable security arrangements to protect personal data and notify the Personal Data Protection Commission (PDPC) in the event of a notifiable data breach. Organisations that fail to notify the PDPC within the stipulated time frame or comply with other requirements under the PDPA (and any other applicable law) may face regulatory enforcement action and financial penalties.
Drew & Napier’s Data Protection, Privacy & Cybersecurity Practice has advised many clients on implementing security arrangements and data breach management plans in order to comply with the requirements of the PDPA and address their legal risks. We have also advised clients on data breach response and notification, as well as related issues such as obtaining forensic evidence, preservation of legal privilege, legal adequacy of remediation measures and potential legal proceedings (for example, where a data breach involves a data intermediary or other parties).
For data breaches involving multiple jurisdictions, we have assisted clients to engage law firms in the other jurisdictions to ensure that the applicable laws are complied with in a consistent manner (as far as possible).
Data Breach First Responder
With organisations (both large and small) facing more frequent and increasingly sophisticated cyberattacks, data breach response has become a key issue for companies to address in order to limit their legal risks and the resulting impact to their business, especially if a data breach becomes publicly known.
To assist our clients in quickly and effectively responding to a data breach, we have developed a Data Breach First Responder service. As part of this service, we aim to:
- Guide our clients on the immediate steps to be taken when a data breach occurs, including assisting with the appointment of the necessary cybersecurity / forensic consultant (if required),
- Provide an assessment of whether the data breach is notifiable to the relevant authorities and the affected individuals under the law;
- Assist with preparation and submission of the necessary notifications to the relevant authorities (if required); and
- Advise on legal risks and potential legal liabilities relating to the data breach including, for example, communications with the affected individuals and other regulators.
Please contact us for more information about signing up for our Data Breach First Responder service, or should you have any queries about data breach management, response and notification.
For urgent assistance or to activate our Data Breach First Responder service, please contact:
Get in touch
Lim Chong Kin
Corporate & Finance
Co-Head, Drew Data
David N. Alfred
Co-Head and Programme
Director, Drew Data
Course Leader, Drew Data
Protection & Cybersecurity