Aug 152016

Singapore Parliament to Bring Up Cybersecurity Bill in 2017

Yuet Ming Tham
, , , , ,

The Singapore government has renewed its emphasis on cybersecurity due to the increase in incidents affecting the private and public sectors both domestically and around the world. As a result, Singapore set up its Cyber Security Agency (CSA) on April 1, 2015, to oversee strategy, education, outreach and industry development. On April 11, 2016, Dr. Yaacob Ibrahim, Minister for Communications and Information, announced that the government would develop a Cybersecurity Act (Cybersecurity Bill), which is expected to be tabled in Parliament next year.

The draft of the Cybersecurity Bill has not been circulated. However, Dr. Yaacob outlined four possible features: assurance that critical information infrastructure (CII) (e.g., energy, water, transportation, government, media, finance, security and emergency services) operators are proactive in maintaining cybersecurity; a mandatory reporting requirement for security breaches; wider powers for the CSA to manage cybersecurity incidents; and higher standards for cybersecurity providers.

While the Cybersecurity Bill is expected to target CII operators, businesses dealing with CII operators could be affected as businesses may be required to cooperate with CII operators when there is a breach. Therefore, businesses may need to plan for how they will support CII operators in the event of an incident. CII operators should pay particular attention to mandatory reporting obligations, as compliance measures addressing cybersecurity incidents will have to be introduced to ensure effective reporting. Given the increasing prevalence of cybersecurity incidents, businesses will need to mitigate risks and train their personnel with regard to managing and dealing with cybersecurity risks and incidents.

Yuet Ming Tham

Singapore, Hong Kong

ytham@sidley.com

You might also like
FCC Proposes Updated Data Breach Reporting Requirements, Comment Period Ongoing

On January 6, 2023, the Federal Communications Commission (the Commission) released a unanimously adopted Notice of Proposed Rulemaking, “In the Matter of Data Breach Reporting Requirements” (Proposed Rule).  The Commission sought comments through February 22, 2023 on the Proposed Rule which will update its current data breach reporting rule. Reply comments are due on or before March 24, 2023.

Substantial changes to Hong Kong’s privacy laws coming

In a briefing to the Legislative Council (Hong Kong’s legislative body) on February 20, 2023, the Privacy Commissioner (“the Commissioner”) announced that substantive amendments to the Personal Data (Privacy) Ordinance (“PDPO”) will take place.

New FTC Guidance for Mobile Health Apps

Healthcare providers, health plans, and technology companies that use mobile health apps to access, collect, share, use, or maintain information related to an individual’s health should take note of the recently issued Federal Trade Commission (FTC) Mobile Health App Interactive Tool. The purpose of the tool is to help mobile health developers determine the federal regulatory, privacy, and security laws and regulations that may apply to the use of a consumer’s health information, such as information related to diagnosis, treatment, fitness, wellness, or addiction. While the tool should not be considered legal advice and cannot guarantee compliance with legal requirements, it can help healthcare providers, health plans, and technology companies issue-spot to manage risk in this heavily regulated space.