Search for:

On 3 April 2017, the Singapore Parliament passed proposed changes to the Computer Misuse and Cybersecurity Act (CMCA). The parliamentary debates on the amendment Bill shed further light on Singapore’s legislative framework for combatting cybercrime.

The new section 8A of the amended Act criminalises the use of personal data obtained via an act in breach of the CMCA, where the person knows or has reason to believe that the personal information was so obtained. It is not an offence if the information was used for a purpose other than to commit or facilitate the commission of an offence.

In this regard, the Senior Minister of State for Home Affairs, Mr. Desmond Lee, further clarified the scope of section 8A. The Minister explained that journalists or researchers who use information derived from hacks for their news reports or research would not fall afoul of the law, as long as they do not circulate the personal details that were disclosed through the hack.

On the whole, Section 8A arguably gives the prosecution more teeth to tackle cybercrime. For the purpose of proving the person’s knowledge that the information was obtained in breach of the CMCA, the prosecution does not have to prove the particulars of the contravention, such as who carried out the contravention and when it took place.

The Members of Parliament also raised their concerns over low cybersecurity risk awareness amongst businesses. In particular, the new section 8B of the amended Act criminalises the act of obtaining and the act of dealing in tools which may be used to commit a CMCA offence. Businesses which are less prudent may therefore fall afoul of the law in the course of selling their products.

In response, the Minister noted that the Singapore Computer Emergency Response Team (SingCERT) provides cautionary advisories to companies to alert them to cyber threats. Moreover, the Info-communications Media Development Authority of Singapore (IMDA) will be establishing a new Technology Hub to provide, inter alia, cybersecurity advice to small- and medium-sized enterprises (SMEs).

Going forward, it will be worth keeping an eye on how the amended Act operates hand-in-hand with the impending Cybersecurity Act, which is set to be tabled in Parliament later this year


Andy Leck is the managing principal of Baker McKenzie.Wong & Leow. Mr. Leck is recognised by the world’s leading industry and legal publications as a leader in his field. Asian Legal Business notes that he “always gives good, quick advice, [is] client-focused and has strong technical knowledge for his areas of practice”. Alongside his current role as managing principal, Mr. Leck has held several leadership positions in the Firm and externally as a leading IP practitioner. He currently serves on the International Trademark Association's Board of Directors and is a member of the Singapore Copyright Tribunal.


Ren Jun is an associate principal of Baker & McKenzie.Wong & Leow. Ren Jun extensively represents local and international intellectual property-intensive clients in both contentious and non-contentious IP matters, such as anti-counterfeiting; civil and criminal litigation; commercial issues; regulatory clearance; and advertising laws. Ren Jun also advises on a wide range of issues relating to the healthcare industries. These include regulatory compliance in respect of drugs, medical devices, clinical trials, health supplements and cosmetics; product liability and recall; and anti-corruption. Ren Jun is currently a member of the Firm's Asia Pacific Healthcare ASEAN Economic Community; Product Liability and Regulatory Sub-Committees.