Partners
Executive Programme 2024 - Legal & IT Governance Module 1
Data Protection Governance & Laws in Singapore
Current global surveys of IT leaders across many countries expect their budgets for data protection to continue on a healthy growth trajectory, including additional spending of up to 8% annually.
The number of countries and the proportion of the economies of these countries going digital resulted in recognising the importance of data protection and privacy. As a result, 137 out of 194 countries have put in place legislation to secure data and privacy protection. Only 15% of the countries still need legislation in place. At the Association of Southeast Asian Nations level (ASEAN) Digital Ministers’ Meeting (ADGMIN) approved the ASEAN Data Management Framework (DMF) and Contractual Model Clauses for Cross Border Data Flows (MCCs) on 22 Jan 2022.
The two-day course will briefly cover Data Governance (“DG”) within the broad discipline of Information Technology Governance (“ITG”). The discussion of ITG and DG serves as a context for the focus discussion of the relevant data protection and privacy legislation.
It will be followed by another two-day course (Module 2) introducing the importance of Incident Response and Data Breach Management Framework. You would be laying down the current mandatory reporting requirements and some important considerations to understand technical and social media in data breach.
Course description:
Data governance is generally defined as how an organisation manages its data by setting data policies on how data is gathered, stored, processed, and disposed of. An essential aspect of data governance is access control to the data. The access control may need to comply with specific industry standards or a regulatory agency regulating that organisation in its jurisdiction. As the value of data is recognised by both Government and commercial organisations for different reasons, data governance is increasingly regulated in many countries.
Concerning Singapore, we will examine the legal policy behind a specific piece of legislation, followed by a focus examination of the legislation and regulations. We will examine the following legislation in this course:
(a) The Personal Data Protection Act (“PDPC”) (2012)
(b) The Cybersecurity Act of 2018; and
(c) The Computer Misuse Act (“CMA”) (1993).
The course will continue to examine as part of data management the demand for cross border data transfer and management and data localization within Asean.
To conclude the course, we will examine incident response and data breach management. Here will cover the key principles and processes involved apart from mandatory legal reporting in incident reporting. For example, what is an incident may not be a data breach and vice versa. The participant will also have an overview of the different parties required to handle an incident within a company in tandem with other professionals in different fields such as information technology, marketing, human resource, and media within the company.
Event Location
Executive Programme 2024 - Legal & IT Governance Module 1
Event ended.