PDPA 2012: Personal Data Protection Act - Primary legislation governing the collection, use, disclosure, and care of personal data in Singapore. Critical for determining what logging data constitutes personal data and how it should be protected.
Cybersecurity Act 2018: Establishes framework for protection of Critical Information Infrastructure (CII) and creates requirements for cybersecurity incident reporting and system audits, including specific logging requirements.
Computer Misuse Act: Deals with unauthorized access and modification of computer material, requiring appropriate logging to detect and investigate such incidents.
Evidence Act: Contains provisions regarding the admissibility of electronic records as evidence, affecting how logs must be maintained to be legally admissible.
MAS TRM Guidelines: Monetary Authority of Singapore's Technology Risk Management Guidelines - Provides detailed requirements for system logging and monitoring in financial institutions.
MAS Notice on Cyber Hygiene: Mandatory requirements for financial institutions regarding cybersecurity practices, including logging and monitoring requirements.
PDPC Advisory Guidelines: Guidelines from Personal Data Protection Commission providing interpretation and practical guidance on PDPA implementation, including logging of data access and processing.
PDPC DPIA Guide: Guide to Data Protection Impact Assessments - Helps organizations assess and address risks in data handling processes, including logging and monitoring systems.
ISO 27001:2013: International standard for information security management systems, providing framework for security logging and monitoring controls.
ISO 27701:2019: Extension to ISO 27001 specifically addressing privacy information management, relevant to logging of personal data processing activities.
