Singapore legislation

Clause 77

Notifiable data breaches

(1)

Subject to subsection (4), a data breach in relation to health information or relevant information is a notifiable data breach under this Division if the data breach —

(a)

results in, or is likely to result in, significant harm to an affected individual; or

(b)

is, or is likely to be, of a significant scale.

(2)

Without limiting subsection (1)(a), a data breach is deemed to result in significant harm to an individual —

(a)

if the data breach is in relation to prescribed health information or relevant information or a prescribed class of health information or relevant information relating to the individual; or

(b)

in other prescribed circumstances.

(3)

Without limiting subsection (1)(b), a data breach is deemed to be of a significant scale —

(a)

if the data breach affects not fewer than the prescribed number of affected individuals; or

(b)

in other prescribed circumstances.

(4)

Despite subsections (1), (2) and (3), a data breach is not a notifiable data breach if it is of a type or description that is prescribed as such for the purposes of this subsection.

Read in full context — Health Information Bill →