Josephine Teo on reporting protocol for Marina Bay Sands data breach
On Nov 7 this year, Marina Bay Sands announced a breach of its customers’ loyalty programme membership data that took place on Oct 19 and 20. It has since notified the affected individuals. Communications and Information Minister Josephine Teo, who gave this update in reply to an MP’s questions in Parliament on Wednesday (Nov 22), stressed that Singapore takes breaches of personal data seriously. She pointed out that Marina Bay Sands discovered the data breach on Oct 20 and notified the Personal Data Protection Commission (PDPC) on Oct 24. On the question of why notifications are not required to be made immediately, Mrs Teo said there are usually four things that organisations have to undertake. They must immediately seek to contain the breach, make best efforts to assess the degree and extent of data loss, assess whether this falls within the requirements for notification and if it does, they must proceed to make a report, and evaluate their containment efforts. Mrs Teo said as the priority is containment and assessment, the PDPC does give the organisation a little bit of time to make the notification report. Mrs Teo said the PDPC is conducting investigations into this incident.
On Nov 7 this year, Marina Bay Sands announced a breach of its customers’ loyalty programme membership data that took place on Oct 19 and 20. It has since notified the affected individuals. Communications and Information Minister Josephine Teo, who gave this update in reply to an MP’s questions in Parliament on Wednesday (Nov 22), stressed that Singapore takes breaches of personal data seriously. She pointed out that Marina Bay Sands discovered the data breach on Oct 20 and notified the Personal Data Protection Commission (PDPC) on Oct 24. On the question of why notifications are not required to be made immediately, Mrs Teo said there are usually four things that organisations have to undertake. They must immediately seek to contain the breach, make best efforts to assess the degree and extent of data loss, assess whether this falls within the requirements for notification and if it does, they must proceed to make a report, and evaluate their containment efforts. Mrs Teo said as the priority is containment and assessment, the PDPC does give the organisation a little bit of time to make the notification report. Mrs Teo said the PDPC is conducting investigations into this incident.
Popular Shows
