The Government is held to the same, if not higher, standard of responsibility as the private sector in terms of personal data protection, said Communications and Information Minister S. Iswaran yesterday.
He said this to Workers' Party chairman Sylvia Lim (Aljunied GRC), who had asked if public agencies could be included in the Personal Data Protection Act (PDPA) in the light of recent public data breaches like the one affecting SingHealth.
Mr Iswaran pointed to the Public Sector (Governance) Act (PSGA), which he said has safeguards for personal data in the public sector, including criminalising the misuse of data by public servants.
These data protection standards are aligned with the PDPA, he said, adding that personal information collected by the public sector is also protected by other laws such as the Official Secrets Act, the Income Tax Act and the Statistics Act.
Said Mr Iswaran: "Collectively, these laws impose a high standard of responsibility on all public agencies, with additional requirements for the protection of sensitive or confidential data."
Mandatory audits are conducted regularly to ensure these agencies comply with data protection standards, he added.
Mr Iswaran, who is also the Minister-in-charge of Cyber Security, said in response to Ms Lim that there will be recourse for people whose data is compromised, and that all complaints will be investigated.
Singapore's privacy watchdog, the Personal Data Protection Commission, does receive complaints about the public sector, he said. It then refers the matter to relevant government agencies.
He also listed other avenues that people can turn to should they feel their data has been compromised.
These include the Government Technology Agency, the ministry overseeing the relevant public agency, as well as the police, if people feel a crime has been committed.
The PSGA allows personal data to be managed as a common resource within the different agencies in the public sector for better policymaking, Mr Iswaran said.
It also allows for more responsive public services by making the sharing of information across agencies possible.
In contrast, private organisations are expected to be individually responsible for the personal data in their possession. There is also no expectation of a similar integrated delivery of services across different commercial organisations.
These differences mean that there has to be different approaches to the protection of personal data in both the public and private sectors, Mr Iswaran said.
He added that the Government will continue to update the laws that protect personal information here.
"We will regularly review the PDPA, the PSGA and other legislation to ensure that they remain relevant and effective in safeguarding personal data in both the public and private sectors," he said.