Singapore legislation
Clause 68
Clause 68
Cybersecurity of relevant computer or computer system
(1)
A relevant person must implement reasonable safeguards, in relation to any relevant computer or computer system used by the relevant person to process health information or relevant information —
to protect the confidentiality and integrity of the information;
to ensure the availability of the information for use in the ordinary course of the relevant person’s activities; and
to protect the relevant computer or computer system against unauthorised access, interference or tampering.
(2)
If health information is processed by a relevant HDI of a contributor or user —
the relevant HDI must implement reasonable safeguards —
to protect the confidentiality and integrity of the health information processed by the relevant HDI;
to ensure the availability of the health information for use in the ordinary course of the activities of the contributor or user, as the case may be; and
to protect any relevant computer or computer system used by the relevant HDI to process the health information against unauthorised access, interference and tampering; and
the contributor or user (as the case may be) must ensure that the relevant HDI implements the safeguards mentioned in paragraph (a).
(3)
For the purposes of subsection (1), a relevant person must comply with any requirements that may be prescribed in respect of the safeguards mentioned in that subsection.
(4)
For the purposes of subsection (2)(a), a relevant HDI of a contributor or user must comply with any requirements that may be prescribed in respect of the safeguards mentioned in that provision.
(5)
A person who contravenes subsection (1), (2), (3) or (4) shall be guilty of an offence and shall be liable on conviction —
in the case of an individual, to a fine not exceeding $200,000 or to imprisonment for a term not exceeding 2 years or to both; or
in any other case, to a fine not exceeding $1 million.