Singapore legislation
Clause 79
Clause 79
Duty to notify occurrence of notifiable data breach
(1)
Where a relevant person assesses, in accordance with section 78, that a data breach is a notifiable data breach, the relevant person must notify the Minister as soon as is practicable, but in any case no later than the expiry of the prescribed period after the day the relevant person makes that assessment.
(2)
The notification under subsection (1) must contain, to the best of the knowledge and belief of the relevant person at the time the relevant person notifies the Minister, all the information that is prescribed for this purpose.
(3)
The notification under subsection (1) must be made in the form and submitted in the manner required by the Minister.
(4)
A relevant person is not, by reason only of notifying the Minister under subsection (1), to be regarded as being in breach of —
any duty or obligation under any written law, rule of law or contract as to secrecy or other restriction on the disclosure of information; or
any rule of professional conduct or ethics applicable to the relevant person.
(5)
Subsection (1) applies concurrently with any obligation of the relevant person —
under this Part to notify the Minister of the occurrence of a notifiable cybersecurity incident arising from or relating to a data breach; or
under any other written law to notify any other person (including the Government or any public authority) of the occurrence of a data breach, or to provide any information relating to a data breach.