Aspate of past and more recent cyber-security breaches has drawn attention to Singapore's vulnerability on a key front: data protection. For example, the Singapore Accountancy Commission, a statutory board under the Ministry of Finance, unintentionally disclosed the personal data of 6,541 people to more than 40 recipients over four months this year. Then, in March, the personal data of 800,000 blood donors was uploaded on an unauthorised server. That occurred even after the attack in June last year, when hackers stole the data of 1.5 million SingHealth patients and the outpatient prescription information of 160,000 people, including Prime Minister Lee Hsien Loong.
In a fresh move to prevent the loss of data, public agencies now will collect and retain an individual's data only when it is strictly necessary. They will also make sure that the data is properly safeguarded, adopting new measures that will be rolled out across the entire public service. Importantly, third-party vendors handling government data who misuse personal data will also come under the Personal Data Protection Act (PDPA). These agents of government, who were previously exempt from the PDPA, will be liable to its hefty financial penalties of up to $1 million. These measures are a welcome response to data breaches that were appearing to become a new normal in Singapore's digital society.