No, sharing passwords in Singapore is generally illegal under the Computer Misuse Act (CMA) and Personal Data Protection Act (PDPA), unless explicitly authorized. Unauthorized access—even with consent—can trigger civil liabilities or criminal charges, particularly if data is exposed. The 2026 PDPA amendments further tighten accountability for data custodians.
Key Regulations for Sharing Passwords in Singapore
- Computer Misuse Act (CMA) Section 3(1): Prohibits unauthorized access to computer systems, including password sharing that facilitates breaches. Penalties include fines up to S$10,000 and/or 3 years imprisonment.
- Personal Data Protection Act (PDPA) Section 24: Mandates strict protection of personal data. Sharing passwords that grant access to such data violates the duty of care, risking fines up to S$1 million or 10% of annual turnover.
- Sector-Specific Rules (e.g., MAS, PDPC Guidelines): Financial institutions under MAS must enforce multi-factor authentication (MFA), while PDPC’s 2024 advisory warns against password sharing in corporate settings, citing heightened phishing risks.
Enforcement prioritizes intent and potential harm. Even if no breach occurs, authorities may investigate under the CMA’s broad “dishonest intent” clause. Corporate policies must align with PDPC’s 2026 enforcement roadmap, which introduces stricter breach notification timelines.