Singapore legislation

Section 26B

of Personal Data Protection Act 2012

Section 26B

Notifiable data breaches

Amended by40/202040/202040/202040/2020

(1)

A data breach is a notifiable data breach if the data breach —

(a)

results in, or is likely to result in, significant harm to an affected individual; or

(b)

is, or is likely to be, of a significant scale.

Amended by40/2020

(2)

Without limiting subsection (1)(a), a data breach is deemed to result in significant harm to an individual —

(a)

if the data breach is in relation to any prescribed personal data or class of personal data relating to the individual; or

(b)

in other prescribed circumstances.

Amended by40/2020

(3)

Without limiting subsection (1)(b), a data breach is deemed to be of a significant scale —

(a)

if the data breach affects not fewer than the prescribed number of affected individuals; or

(b)

in other prescribed circumstances.

Amended by40/2020

(4)

Despite subsections (1), (2) and (3), a data breach that relates to the unauthorised access, collection, use, disclosure, copying or modification of personal data only within an organisation is deemed not to be a notifiable data breach.

Amended by40/2020

Read in full context — Personal Data Protection Act 2012 →