Personal Data Protection Act (PDPA) 2012: Singapore's primary data protection legislation that governs the collection, use, disclosure, and protection of personal data. Essential for phishing policy as it mandates how organizations must protect personal data from unauthorized access and cyber threats.
Computer Misuse Act (CMA): Legislation that criminalizes unauthorized access to computer systems and data. Relevant for defining phishing attacks as criminal acts and establishing the legal basis for protection measures.
Cybersecurity Act 2018: Framework for the protection of Critical Information Infrastructure (CII) and cybersecurity incident reporting. Provides guidelines for cybersecurity threat management and incident response.
Spam Control Act (SCA): Legislation controlling unsolicited commercial electronic messages, relevant for addressing email-based phishing attempts and establishing electronic communication guidelines.
CSA Guidelines: Singapore's Cyber Security Agency guidelines providing best practices for cybersecurity management and protection against cyber threats including phishing.
PDPC Guidelines: Personal Data Protection Commission's detailed guidance on implementing data protection measures and handling data breaches, including those resulting from phishing attacks.
MAS Technology Risk Management Guidelines: Monetary Authority of Singapore's guidelines for financial institutions, covering cybersecurity measures including anti-phishing controls and incident response.
ISO/IEC 27001: International standard for information security management systems, providing framework for securing information assets and managing cybersecurity risks.
ISO/IEC 27032: International guidelines specifically focused on cybersecurity, including measures to prevent and detect phishing attacks.
National Cybercrime Action Plan: Singapore's national strategy for combating cybercrime, including measures against phishing and other cyber threats.
PDPC's Guide to Data Protection by Design: Guidelines for incorporating data protection considerations into the design and architecture of IT systems and business processes to prevent data breaches including those from phishing.
