In response to queries from ZDNet Asia, a spokesperson from the Ministry of Information, Communication and the Arts (Mica) said the inter-ministry committee involves public sector agencies including the Infocomm Development Authority, the Ministry of Trade and Industry, the Ministry of Finance, the Ministry of Home Affairs and the Attorney-General’s Chambers.
According to him, the committee is reviewing various approaches including those of the United States, the European Union and Canada, as there currently is no established, uniform method to deal with data protection.
“In shaping Singapore’s own data protection regime, we will take into account such international perspectives, where relevant, as well as views from the public. Mica will share the details of the proposed framework at the appropriate juncture,” the spokesperson added.
Joshua Chua, Deloitte & Touche’s security and privacy leader for risk consulting in Southeast Asia, concurred. According to Chua, there is currently no specific data breach notification legislation in Singapore that mandates that companies notify regulators and the public in the event of a privacy breach or leakage of personal customer information.
Last year in the United Kingdom and Australia, there was some debate and momentum in handling data breaches. News of an impending data breach notification law surfaced in July when the Information Commissioner’s Office said that the European Union’s ePrivacy Directive would be a catalyst for such legislation in the country. The Hong Kong Monetary Authority, for example, issued a customer data protection circular to all authorized financial institutions on Jul. 10, 2008, he noted. The document contained guidelines requiring banks in the Special Administrative Region to have specific data breach management procedures in place, and also to appoint a senior official responsible for incident management. Instead, data protection and privacy are regulated via industry-specific laws and enforced by industry regulatory bodies, he explained.
Companies, on the other hand, need to ensure they have incident response procedures in place, as poor handling of data breaches can cause further damage.
http://www.zdnetasia.com/news/security/0,39044215,62050547,00.htm