Watchdog to form expert panel for data breach probes

SINGAPORE'S privacy watchdog is looking to appoint a panel of digital forensic experts to help with data breach investigations here.

This comes in the wake of the leak of karaoke chain K Box's membership data in September - the biggest breach of personal data here.

It resulted in more than 300,000 customers' names, addresses and mobile phone and identity card numbers being posted online.

It is unclear, however, if the Personal Data Commission, which enforces data protection laws here, will call upon these experts to assist in its investigations of the K Box breach.

Tender documents seen by The Straits Times stated that the panel is required to support the commission in collecting and analysing digital evidence.

The contractors may also be tasked to recover lost data from computer hard disks, or provide digital forensic expert witnesses or evidence in court.

Tender instructions note that this is for "taking enforcement actions against organisations that are found to have breached the Personal Data Protection Act".

The legislation, which was fully enforced on July 2, seeks to provide safeguards against the wrongful collection, use and disclosure of personal data for marketing.

Under the new law, organisations must also take "reasonable security measures" - which are not spelt out - to protect consumers' personal data. Errant businesses face a fine of up to $1 million.

The role of the new digital forensic panel will not be limited to looking into data leaks. It is also expected to help the commission investigate violations of the "Do Not Call" rules, which carry a fine of up to $10,000 per breach.

The commission is looking to appoint up to five forensic contractors in the panel. The tender closes on Nov 28.

Lawyer Rajesh Sreenivasan, a partner at Rajah & Tann, said that the appointment of an external panel of experts is in line with what overseas privacy regulators do.

"It is an indication of the rapid maturing of a regulator with investigative powers, and embodies its readiness to effectively analyse complex data protection abuses in the context of Singapore's rising prominence as a global data hub," he said. Lawyer Gilbert Leong, a partner at Rodyk & Davidson, said: "Digital forensic experts can help to determine what measures were put in place prior to any data breaches, and may be able to weigh in on whether the measures are reasonable."


Get a copy of The Straits Times or go to for more stories.