The Singapore Government announced yesterday that it has accepted data security recommendations from the Public Sector Data Security Review Committee (PSDSRC).
The committee is chaired by Senior Minister Teo Chee Hean, who is also the Minister-in-charge of Public Sector Data Governance.
Based on the recommendations, public agencies are only allowed to collect and retain an individual’s data only when it is strictly necessary, and have to ensure that they will properly safeguard it.
Central Contact Point To Minimise Confusion
The government will also set up a single contact point in the next few months for the public to report any data incidents like unauthorised copying or disclosures.
The contact point will comprise a website and an email to the Government Data Office (GDO), which currently receives reports from Government agencies on data incidents.
According to the committee, “the central contact point will minimise confusion on where the public may lodge complaints on Government data incidents, and assure the public that an authoritative independent party would follow up on the complaint.”
Additionally, in the event of a data incident involving ministries, statutory boards or other public agencies, anyone affected will have to be notified promptly.
The Government aims to roll out these measures in 80 per cent of its systems by end-2021. The rest which are complex or require significant redesign will follow through by end-2023.
Meanwhile, agencies will put in place appropriate measures to manage the relevant data risks.
“Data Is The Lifeblood Of The Digital Economy”
In a letter accepting the committee’s recommendations, PM Lee Hsien Loong said: “Data is the lifeblood of the digital economy and a digital government. We need to use and share data as fully as possible to provide better public services.
“In doing so, we must also protect the security of the data and preserve the privacy of individuals, and yet not stifle digital innovation.”
He added that given the amount of data the Government gathers, it must do all it can to minimise the risk of data security incidents.
As part of government efforts to improve data security, all public sector officers also have to undergo an annual data security training programme.
Third-party vendors handling government data who misuse personal data will also come under the Personal Data Protection Act (PDPA), following changes to the Act which will likely be announced next year.
This means that these agents of government, who were previously exempt from the PDPA, will be liable to financial penalties of up to S$1 million.
Featured Image Credit: Pixabay