Search for:

Alex Toh

Alex is a local principal in the Intellectual Property & Technology Practice Group in Baker McKenzie Wong & Leow with over 13 years of experience. Alex is a Certified Information Privacy Professional (CIPP/EU) by the International Association of Privacy Professionals (IAPP), a certified AI Ethics and Governance Professional by the Singapore Computer Society and a member of the Cybersecurity and Data Protection Committee of the Law Society of Singapore. He holds a master's in law, science and technology from Stanford University.

The Singapore Computer Emergency Response Team (SingCERT), set up by the Cyber Security Agency of Singapore to facilitate the detection, resolution and prevention of cybersecurity-related incidents on the internet, has issued a list of measures that organisations should adopt to ensure proper cyber hygiene controls are in place and operating correctly.
SingCERT’s advisory is issued on the basis of warnings of increased cyber threats globally arising from the recent cyberattacks on Ukraine and the developments in the invasion of Ukraine by Russia.

Singapore authorities are looking to address the recent spate of SMS-phishing scams targeting digital bank users through a variety of measures. The multi-stake holder approach involves government entities with responsibilities for the financial, telecommunications and home affairs sectors, as well as industry groups such as the Association of Banks in Singapore.

On 25 May 2021, the Singapore High Court provided long-awaited clarifications on the scope of private actions under the Personal Data Protection Act 2012 (PDPA). It was held that in order to succeed in a private action under the PDPA, the claimant must suffer loss or damage that falls within the common law heads of loss or damage (such as pecuniary loss, damage to property, and personal injury including psychiatric illness) directly as a result of contravention of certain PDPA provisions.

In brief The Monetary Authority of Singapore (MAS) has recently revised its Technology Risk Management Guidelines 2021 (“TRM Guidelines”)1 after feedback from a 2019 public consultation2 and engaging with cyber security experts. While there is some overlap between the TRM Guidelines and the previous 2013 edition of the TRM Guidelines (2013 edition),…

On 20 November 2020, the Personal Data Protection Commission (PDPC) issued the draft Advisory Guidelines on Key Provisions of the Personal Data Protection (Amendment) Bill (“Guidelines”). 

We had summarized in our previous client alerts the changes proposed during the public consultation (“Consultation Paper”) on the Personal Data Protection (Amendment) Bill (“Bill”), as well as the salient differences between the Consultation Paper and the Bill that was introduced and read in the Singapore Parliament on 5 October 2020. The Bill has since been passed by Parliament on 2 November 2020 (“Act”). 

For this client alert, we will focus on a few pertinent points that have been highlighted in the Guidelines.

On 5 October 2020, the Personal Data Protection (Amendment) Bill (“Bill”) was introduced and read for the first time in the Singapore Parliament. The Bill proposes material changes to the Personal Data Protection Act 2012 (No. 26 of 2012) (PDPA).  

We had previously summarised in our earlier client alert the changes proposed during the public consultation on the Bill (“Consultation Paper”). There have been material changes between the Consultation Paper and the Bill presented in Parliament. For the purposes of this client alert, we have highlighted, in the paragraphs below, a few salient differences.

Singapore’s Personal Data Protection Commission (PDPC) and the Ministry of Communications and Information (MCI) are conducting a public consultation on significant proposed amendments to the Personal Data Protection Act (PDPA) and the Spam Control Act (SCA), after taking into consideration the feedback received in 3 previous public consultations.

On 22 May 2019, the Personal Data Protection Commission (“PDPC”) launched a guide titled “Guide to Managing Data Breaches 2.0” (the “Guide”) that refreshes an earlier guide on the topic that was published in 2015. The refreshed Guide retains some of the best practices for managing data breaches in the earlier guide and…