Actions to protect personal data constantly enhanced

Updated
Feb 22, 2019, 06:09 AM
Published
Feb 22, 2019, 05:00 AM

We refer to the letter (Time to admit, fix mistake and move on, Feb 16) by Mr Patrick Tan Siong Kuan, who shared his views on the public sector's data governance standards.

Communications and Information Minister S. Iswaran's statement clarified that the public sector was bound to the same if not higher standards than the private sector, due to the Public Sector (Governance) Act and the accompanying internal rules.

Examples of these rules include the requirement for all files containing personal data to be protected with a strong password, and for agencies to undergo regular and mandatory internal audits for compliance to security requirements.

Mr Tan mentioned the high data security standards of financial institutions.

The Government continuously learns from such best practices by the private sector, as well as the mistakes made by companies, to further strengthen our data governance.

For example, in 2015, SingPass - the gateway to hundreds of Government digital services - was enhanced to include a two-factor authentication process for government digital transactions involving sensitive data.

We also implemented measures to secure and manage privileged accounts with access to sensitive data.

We agree with Mr Tan that the security protocols for the HIV Registry in 2012-2013 were inadequate, especially by today's standards.

The Government has progressively enhanced security measures to safeguard sensitive data.

The Internet surfing separation policy was introduced in 2016, and the disabling of USB ports from being accessed by unauthorised devices was introduced in 2017.

These measures guard against the unauthorised extraction of large quantities of data from Government systems.

We have also increased the number and types of internal IT audits, to check on agencies' data access and data protection measures.

Mr Tan rightly pointed out that even a highly secure and robust system could be compromised by errant individuals who wilfully flout policies and rules.

The Government takes seriously its responsibility as a steward of the citizen and business data it collects.

We will continuously review our standards and measures to safeguard personal data, and will incorporate lessons from recent incidents, as well as relevant industry best practices, to update and improve the public sector's data security policies.

Quek Su Lynn (Ms)

Director, Government Data Office

Smart Nation and Digital Government Office

Prime Minister's Office

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on February 22, 2019, with the headline Actions to protect personal data constantly enhanced. Subscribe

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top