MAS Proposes to Require Financial Institutions to Strengthen Identity Verification

The Monetary Authority of Singapore proposes to require financial institutions to strengthen their processes for verifying the identity of their customers in non-face-to-face situations. The proposed Notice on Identity Verification aims to address global risks from the increasing number of cyber attacks.

Read more

Overview of PDPC Guide on Managing Data Intermediaries

The Personal Data Protection Commission's Guide on Managing Data Intermediaries highlights key obligations of, and considerations for, data controllers in outsourcing data processing activities to data intermediaries.

Read more

Review of Recent PDPC Decisions - September 2020

Decisions published by the Personal Data Protection Commission in September 2020 highlight the importance of imposing contractual data protection obligations on vendors that will possess or access personal data. Organisations should also implement a password management policy, conduct properly-scoped pre-launch testing of IT features and cease retaining personal data that are no longer necessary.

Read more

Review of PDPC August Decisions

Decisions published by the Personal Data Protection Commission in August 2020 highlight the importance of having security measures - reasonable and appropriate to the type of personal data processed and nature of processing undertaken - in order to protect data in compliance with the Personal Data Protection Act 2012. Organisations using IT systems to collect and process personal data must conduct rigorous pre-launch testing and regular security reviews.

Read more

Singapore Eases Overseas Transfers of Personal Data

Asia Pacific Economic Cooperation Cross-Border Privacy Rules (CBPR) System and Privacy Recognition for Processors (PRP) system certifications are now recognised by Singapore as one of the modes of data transfer abroad. In its updated Advisory Guidelines on Key Concepts in the PDPA published on 2 June 2020, the PDPC explained that a transfer of an organisation's personal data to a CBPR or PRP accredited recipient meets the criteria of an overseas transfer under the PDPA.

Read more


Go to Page: