Computer Misuse and Cybersecurity Act 2017 - Supplying Personal Information

The Computer Misuse and Cybersecurity Act of Singapore was amended in 2017 to include new offences - This is one of them:
Supplying, etc., personal information obtained in contravention of certain provisions
8A.
—(1)  A person shall be guilty of an offence if the person, knowing or having reason to believe that any personal information about another person (being an individual) was obtained by an act done in contravention of section 3, 4, 5 or 6 —
(a)
obtains or retains the personal information; or
(b)
supplies, offers to supply, transmits or makes available, by any means the personal information.

(2)  It is not an offence under subsection (1)(a) if the person obtained or retained the personal information for a purpose other than —
(a)
for use in committing, or in facilitating the commission of, any offence under any written law; or
(b)
for supply, transmission or making available by any means for the personal information to be used in committing, or in facilitating the commission of, any offence under any written law.

(3)  It is not an offence under subsection (1)(b) if —
(a)
the person did the act for a purpose other than for the personal information to be used in committing, or in facilitating the commission of, any offence under any written law; and
(b)
the person did not know or have reason to believe that the personal information will be or is likely to be used to commit, or facilitate the commission of, any offence under any written law.
     Example 1.— A comes across a list of credit card numbers on the Internet belonging to individuals who are customers of B, which A has reason to believe were obtained by securing access without authority to B’s server. A downloads the list for the purpose of reporting the unauthorised access to B’s server to the police.
       A retains the list of credit card numbers and transmits it to B for the purpose of informing B of the unauthorised access to B’s server.
      A has downloaded and retained the list of credit card numbers for purposes other than those mentioned in subsection (2)(a) and (b). Therefore A does not commit an offence under subsection (1)(a) by reason of subsection (2).
    A has transmitted the list to B for a purpose other than for it to be used in committing or in facilitating the commission of an offence. If A did not know or have reason to believe that the list so transmitted will be or is likely to be used to commit or facilitate the commission of an offence, then A does not commit an offence under subsection (1)(b) by reason of subsection (3).


Comments

Popular Posts