No legislation or common law that protects the privacy of information upon which an individual can be directly or indirectly identified, save in respect of banker-customer relationship where banks are under a legal duty to keep customer information confidential.
No legislation or common law that protects the privacy of information upon which an individual can be directly or indirectly identified, save in respect of banker-customer relationship where banks are under a legal duty to keep customer information confidential.
Definition of personal data
No legal definition.
Definition of sensitive personal data
No legal definition.
Nil.
No legal requirement.
No legal requirement.
Not a regulated activity.
Not a regulated activity.
Not a regulated activity save in relation to a “Financial Institution” – see Mandatory Breach Notification.
Mandatory Breach Notification
No legal requirement save in relation to a “Financial Institution” (i.e. banks, insurance companies, moneylenders, pawnbrokers, moneychangers and securities service providers licensed in Brunei Darussalam). A Financial Institution is obliged to report to the Technology Risk Supervision of Autoriti Monetari Brunei Darussalam (central bank of Brunei Darussalam) all instances of cyber intrusion, disruption, malfunction, error or cybersecurity issues on a Financial Institution’s system, server, network or end-point whether or not causing any or any severe or widespread impact on the operations and service delivery or has a material impact on the Financial Institution.
No enforcement authority.
No legal requirement to have privacy policies.
No legal requirement to have privacy policies.

