Executive Programme 2024
Legal & IT Governance
Data Protection Governance & Laws in Singapore
Registration for the Legal & IT Governance seminar is now closed.
If you would like more information about this programme or details about upcoming sessions, please click the button below to contact us.
Speaker’s Profile
KK Lim
Partner – Clayton Law LLC
KK’s practice areas include cybersecurity, data protection, technology investment, employment, and private client advisory. Before joining the Bar, he spent nearly 35 years in different roles with global MNCs, locally listed entities, and the Singapore Government.
He is a graduate of the University of Texas (Austin), Monash University Law School (Australia), National University of Singapore (Law Faculty) and Wealth Management Institute (NTU). He is also an affiliate member of STEP. He also holds multiple technical qualifications and professional memberships in information security and audit, cyber incident response and cybersecurity management. Whilst as Founding Chair of the Cybersecurity and Data Protection Practice Committee of the Law Society of Singapore, he led the Committee in developing the Cybersecurity Practice Guide for lawyers as well as developing the Cybersecurity Guide for charities in Singapore for the Commissioner of Charities, Ministry of Culture, Community & Youth (MCCY).
Current global surveys of IT leaders across many countries expect their budgets for data protection to continue on a healthy growth trajectory, including additional spending of up to 8% annually.
The number of countries and the proportion of the economies of these countries going digital resulted in recognising the importance of data protection and privacy. As a result, 137 out of 194 countries have put in place legislation to secure data and privacy protection. Only 15% of the countries still need legislation in place. At the Association of Southeast Asian Nations level (ASEAN) Digital Ministers’ Meeting (ADGMIN) approved the ASEAN Data Management Framework (DMF) and Contractual Model Clauses for Cross Border Data Flows (MCCs) on 22 Jan 2022.
The two-day course will briefly cover Data Governance (“DG”) within the broad discipline of Information Technology Governance (“ITG”). The discussion of ITG and DG serves as a context for the focus discussion of the relevant data protection and privacy legislation.
It will be followed by another two-day course (Module 2) introducing the importance of Incident Response and Data Breach Management Framework. We would be laying down the current mandatory reporting requirements and some important considerations to understand technical and social media in data breach.
Course Description
Data governance is generally defined as how an organisation manages its data by setting data policies on how data is gathered, stored, processed, and disposed
of. An essential aspect of data governance is access control to the data. The access control may need to comply with specific industry standards or a regulatory agency regulating that organisation in its jurisdiction. As the value of data is recognised by both Government and commercial organisations for different reasons, data governance is increasingly regulated in many countries.
Concerning Singapore, we will examine the legal policy behind a specific piece of legislation, followed by a focus examination of the legislation and regulations.
We will examine the following legislation in this course:
- The Personal Data Protection Act (“PDPC”) (2012)
- The Cybersecurity Act of 2018; and
- The Computer Misuse Act (“CMA”) (1993).
The course will continue to examine as part of data management the demand for cross border data transfer and management and data localization within Asean.
To conclude the course, we will examine incident response and data breach management. Here will cover the key principles and processes involved apart from mandatory legal reporting in incident reporting. For example, what is an incident may not be a data breach and vice versa. The participant will also have an overview of the different parties required to handle an incident within a company in tandem with other professionals in different fields such as information technology, marketing, human resource, and media within the company.
Module 1:
24-25 January 2024
Module 2:
21-22 Februrary 2024
Location:
Assas campus, Singapore
Online attendance is also available
Programme Overview
Module 1: Day 1 | Wednesday 24th January 2024
– Singapore’s legal policy in data governance
Module 1: Day 2 | Thursday 25th January 2024
Module 2: Day 1 | Wednesday 21th Frebruary 2024
We assume participants have attended Module 1 before taking this Module.
Module 2: Day 2 | Thursday 22th February 2024
We assume participants have attended Module 1 before taking this Module.
Fees:
- SGD 580 or EUR 400 for 1 module
CPD Accreditation:
CPD points: 12 Public CPD Points
(6 Public CPD Points per module, 3 Public CPD Points each day)
Practice area: Data Protection & Privacy
Training category: General
Participants who wish to obtain CPD Points are reminded that they must comply strictly with the Attendance Policy set out in the CPD Guidelines. For participants attending the face-to-face activity, this includes signing in on arrival and signing out at the conclusion of the activity in the manner required by the organiser, and not being absent from the entire activity for more than 15 minutes. For those participating via the webinar, this includes logging in at the start of the webinar and logging out at the conclusion of the webinar in the manner required by the organiser, and not being away from the entire activity for more than 15 minutes. Participants may obtain 3 Public CPD Points for each day of the event on which they comply strictly with the Attendance Policy. Participants who do not comply with the Attendance Policy will not be able to obtain CPD Points for attending the activity. Please refer to www.sileCPDcentre.sg for more information.