SINGAPORE, April 1 — In the wake of several data-related incidents over the past year, Singapore Prime Minister Lee Hsien Loong has formed a committee to conduct a comprehensive review of data security practices across the entire public service.
In a press release issued yesterday, the Prime Minister’s Office (PMO) said that the committee will look at measures and processes related to the collection and protection of citizens’ personal data by public sector agencies, as well as vendors who handle personal data on behalf of the government.
The committee will recommend technical measures, processes and capabilities to improve the government’s protection of citizens’ data and its response to incidents.
It will also develop an action plan with immediate steps and long-term measures.
The committee will be chaired by Deputy Prime Minister Teo Chee Hean, who is also the minister-in-charge of public sector data governance.
Other members include ministers involved in the country’s Smart Nation efforts — Dr Vivian Balakrishnan, S. Iswaran, Chan Chun Sing and Janil Puthucheary — as well as data security and technology experts from the private sector.
The committee will consult with international experts and industry professionals from the private and public sectors. An inter-agency taskforce, comprising public officers across the whole government, will support its efforts.
The committee will submit its findings and recommendations to Lee by Nov 30 this year.
While the government has progressively enhanced security measures to safeguard sensitive data over the years, it acknowledged that recent incidents — such as the HIV data leak and SingHealth cyber attack — have “underlined the urgency to strengthen data security policies and practices in the public sector”.
The security measures included disallowing unauthorised USB storage devices to be used at all public sector agencies in 2017, and cutting off Internet access from public servants’ work computers in 2016.
The government also stepped up internal IT audits, and introduced measures in 2018 to detect and respond more quickly to cyber threats targeting critical government databases.
“This review will help to ensure that all public sector agencies maintain the highest standards of data governance. This is essential to uphold public confidence and deliver a high quality of public service to our citizens through the use of data,” the PMO added.
Data incidents
June to July 2018: Hackers broke into SingHealth’s IT systems to steal the personal data of 1.5 million patients, as well as the outpatient medical records of 160,000 of them, including that of Lee. It is considered the most serious breach of personal data in Singapore’s history.
January 2019: American fraudster Mikhy K. Farrera-Brochez leaked online the confidential records of 14,200 individuals diagnosed with the human immunodeficiency virus, including those of 5,400 Singaporeans and permanent residents.
February 2019: Human error led to about 7,700 people receiving the wrong healthcare subsidies under the Community Health Assistance Scheme (Chas).
March 2019: A vendor of the HSA compromised the data of more than 800,000 blood donors. In an update on Saturday, it was revealed that the information was illegally accessed and possibly extracted. — TODAY
