MAS Revises the Technology Risk Management Guidelines

The Monetary Authority of Singapore has revised the Technology Risk Management Guidelines applicable to financial institutions and their third party service providers. The revised Guidelines highlight MAS's increased expectations for cybersecurity controls and their importance in a financial institution's technology development and delivery lifecycle.

Read more

Overview of PDPC Guide on Managing Data Intermediaries

The Personal Data Protection Commission's Guide on Managing Data Intermediaries highlights key obligations of, and considerations for, data controllers in outsourcing data processing activities to data intermediaries.

Read more

Review of Recent PDPC Decisions - September 2020

Decisions published by the Personal Data Protection Commission in September 2020 highlight the importance of imposing contractual data protection obligations on vendors that will possess or access personal data. Organisations should also implement a password management policy, conduct properly-scoped pre-launch testing of IT features and cease retaining personal data that are no longer necessary.

Read more

Review of PDPC August Decisions

Decisions published by the Personal Data Protection Commission in August 2020 highlight the importance of having security measures - reasonable and appropriate to the type of personal data processed and nature of processing undertaken - in order to protect data in compliance with the Personal Data Protection Act 2012. Organisations using IT systems to collect and process personal data must conduct rigorous pre-launch testing and regular security reviews.

Read more

Public Consultation on the Proposed Amendments to the Personal Data Protection Act

The MCI and PDPC published a consultation paper on the proposed amendments to the Personal Data Protection Act (PDPA) and related amendments to the Spam Control Act (SCA). The proposed amendments strengthen organisations' accountability, introduce additional bases for collecting, using and disclosing personal data, impose a data portability obligation, harmonise PDPA and SCA provisions, and fortify available enforcement measures.

Read more


Go to Page: