SINGAPORE Law and Practice Contributed by: Lim Chong Kin, David N Alfred, Albert Pichlmaier and Goh Boon Yeow, Drew & Napier LLC
role of reducing the ways in which malicious actors may conduct cyber-attacks.

Spam Control Act 2007 (SCA)

The SCA provides for the control of spam and for matters connected with spam in Singapore. The SCA generally regulates the sending of electronic messages with a Singapore link and contains specific obligations relating to senders of unsolicited commercial electronic messages in bulk. Such obligations include the use of the label “<ADV>” to mark unsolicited commercial electronic messages and to offer an unsubscribe option to recipients. The SCA also prohibits the sending of an electronic message to an electronic address obtained through the use of a dictionary attack or address-harvesting software. The SCA is a civil penalty regime where non-compliance with these requirements may result in civil actions against the spammer.

Public Sector (Governance) Act 2018 (PSGA)

Aside from the confidentiality and secrecy provisions found across various legislation, data protection and management in the public sector is also governed under the PSGA. The PSGA, which aims to strengthen public sector data governance, imposes criminal penalties on public officers who recklessly or intentionally disclose data without authorisation, misuse data for a gain or re-identify anonymised data. Specific data security policies are further set out in the Government Instruction Manual on IT Management.

Other Sectoral Frameworks

Two notable examples are in the telecommunications and banking and finance sectors.

First, in the area of telecommunications, the telecoms and media regulator, the Info-communications Media Development Authority (IMDA), has published a Telecommunications Cybersecurity Code of Practice to enhance cybersecurity preparedness of designated telecommunication licensees such as internet service providers in Singapore. This Telecommunications Cybersecurity Code of Practice, which was formulated in line with international standards and best practices including the ISO/IEC 27011 and IETF Best Current Practices, sets out requirements on security incident management and other controls to help licensees prevent, protect, detect and respond to cybersecurity threats.

Secondly, the Singapore financial regulatory authority, the Monetary Authority of Singapore (MAS), has issued its Technology Risk Management (TRM) Guidelines (the “TRM Guidelines”), which set out risk management principles and best practices to guide financial institutions (FIs) in establishing sound and robust technology risk governance and oversight, as well as in maintaining IT and cyber-resilience. In conjunction with this, the MAS has also issued legally binding Notices on TRM and Cyber Hygiene which give effect to some of the requirements in the TRM Guidelines. Please also see 3.1 Scope of Financial Sector Operation Resilience Regulation for further details.

1.3 Cybersecurity Regulators

Cyber Security Agency of Singapore

The regulatory authority responsible for the administration and enforcement of the Cybersecurity Act is the CSA. The CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information (MDDI), and led by the Commissioner of Cybersecurity. The Minister for Digital Development and Information (as the Minister-in-charge of Smart Nation and Cybersecurity) may appoint Assistant Commissioners from sectoral regulators who understand the unique context and