Rajesh Sreenivasan, Steve Tan, Benjamin Cheong, Lionel Tan, Tanya Tang, Wong Onn Chee, Simon Goh, and Wang Ying Shuang of Rajah & Tann Asia write:

On 22 February 2023, the Monetary Authority of Singapore (“MAS“) issued Circular No. ID 03/23 – Notification of Data Breaches to the Monetary Authority of Singapore (“Circular 03/23“). Circular 03/23 sets out the revised expectations for licensed insurers regarding notifying MAS of data breaches. It replaces Circular No. ID 10/14 – Notification to the Monetary Authority of Singapore on Events of Significant Impact, which has been cancelled from 22 February 2023, the date Circular 03/23 came into effect.

Circular 03/23 sets out the data breaches that must be notified to MAS under the following categories:

• Data breaches under the Personal Data Protection Act 2012 (“PDPA“);
• Data breaches that meet the criteria under MAS Notice 127 – Notice on Technology Risk Management (“Notice 127“) and the MAS Guidelines on Outsourcing (“Outsourcing Guidelines“); and
• Other data breaches.

This Update highlights the notification requirements, as well as the relevant timelines for notification, under Circular 03/23.

Read more of their article on Lexology.com