Monetary Authority of Singapore Sets Out Revised Expectations for Notification of Data Breaches by Licensed Insurers
Rajesh Sreenivasan, Steve Tan, Benjamin Cheong, Lionel Tan, Tanya Tang, Wong Onn Chee, Simon Goh, and Wang Ying Shuang of Rajah & Tann Asia write:
On 22 February 2023, the Monetary Authority of Singapore (“MAS“) issued Circular No. ID 03/23 – Notification of Data Breaches to the Monetary Authority of Singapore (“Circular 03/23“). Circular 03/23 sets out the revised expectations for licensed insurers regarding notifying MAS of data breaches. It replaces Circular No. ID 10/14 – Notification to the Monetary Authority of Singapore on Events of Significant Impact, which has been cancelled from 22 February 2023, the date Circular 03/23 came into effect.
Circular 03/23 sets out the data breaches that must be notified to MAS under the following categories:
- Data breaches under the Personal Data Protection Act 2012 (“PDPA“);
- Data breaches that meet the criteria under MAS Notice 127 – Notice on Technology Risk Management (“Notice 127“) and the MAS Guidelines on Outsourcing (“Outsourcing Guidelines“); and
- Other data breaches.
This Update highlights the notification requirements, as well as the relevant timelines for notification, under Circular 03/23.
Read more of their article on Lexology.com