Singapore legislation

Clause 78

Duty to conduct assessment of data breach

(1)

Where a relevant person has reason to believe that a data breach affecting health information or relevant information in the possession or under the control of the relevant person has occurred, the relevant person must conduct, in a reasonable and expeditious manner, an assessment of whether the data breach is a notifiable data breach.

(2)

Where a relevant HDI of a contributor or user (other than a relevant HDI mentioned in section 81) has reason to believe that a data breach has occurred in relation to health information that the relevant HDI is processing on behalf of and for the purposes of the contributor or user, as the case may be —

(a)

the relevant HDI must, without undue delay, notify the contributor or user (as the case may be) of the occurrence of the data breach; and

(b)

the contributor or user (as the case may be) must, upon notification by the relevant HDI, conduct an assessment of whether the data breach is a notifiable data breach.

(3)

The relevant person must carry out the assessment mentioned in subsection (1) or (2)(b) in accordance with any prescribed requirements.

Read in full context — Health Information Bill →