Kudos to the Ministry of Health for swiftly investigating, rectifying and remediating the IT error caused by an external vendor (Chas subsidies for about 7,700 people miscalculated due to IT error: MOH, Feb 16).
The trend of huge amounts of personal data collected and transferred to third-party organisations is expected to grow exponentially, as the processing and analysis of large amounts of personal data become possible with new technology.
We should be prepared for more of such data errors and breaches in public and private institutions.
The last revision of our Personal Data Protection Act (PDPA), which establishes a data protection law that comprises various rules governing the collection, use, disclosure and care of personal data, was in 2012.
It is time to evaluate and make changes to the Act.
First, Singapore should consider instituting a chief information commissioner, in charge of the protection of personal data across public and private institutions, similar to India, the United Kingdom and Australia.
Second, the Info-communications Media Development Authority of Singapore should consider joining the International Conference of Data Protection and Privacy Commissioners forum to share best practices of more than 120 countries and organisations in the world in a timely manner.
Third, we should mandate a certain period of time within which organisations have to make public data breaches in public and private entities as part of the PDPA.
Such legislation is already in place in Australia, the UK and Finland.
This will prevent any unfair accusation of covering up by organisations, which have to deal with sensitive matters and do not have any clear guidelines under the legal provisions to fall back on.
How we deal with future incidents is vital so as not to destroy the integrity of our public institutions.
These revisions will entrench our competitiveness and reputation as a trusted business hub, and will attract more investments to Singapore.
Edward Tay Wee Meng