Organisations in Singapore now are expected to take no more than 30 days to complete an investigation into a suspected data breach and notify the authorities of the incident 72 hours after completing their assessment. These are part of new guidelines to help companies manage data breaches more effectively and are expected to be included in the upcoming amendment of the country's data protection act.
In addition, businesses are expected to notify authorities if a breach affects more than 500 individuals or where "significant harm or impact" to the individuals are likely to occur due to the breach, according to the Personal Data Protection Commission (PDPC), which oversees the act. Data intermediaries also should report potential data breaches to their parent organisation within 24 hours from when they first identify a suspected incident.
Source: Eileen Yu | ZDNet