Government will continue to work with private sector over data security: SM Teo

Senior Minister Teo Chee Hean noted that many organisations in both the public and private sectors today are data-driven and both sectors "offer good examples of how to maintain high integrity of data".
Senior Minister Teo Chee Hean noted that many organisations in both the public and private sectors today are data-driven and both sectors "offer good examples of how to maintain high integrity of data".PHOTO: MCI

SINGAPORE - The public and private sector will work as partners when it comes to dealing with data security, said Senior Minister Teo Chee Hean, who heads the Public Sector Data Security Review Committee.

He noted that many organisations in both the public and private sectors today are data-driven and both sectors "offer good examples of how to maintain high integrity of data".

SM Teo was speaking at a press conference about his committee's recommendations, which were released on Wednesday (Nov 27).

Adding that the two sides will continue to work together in the future, he said: "We have benefited greatly from the perspectives that the private sector members have brought to the committee."

Besides Mr Teo and four ministers involved in Singapore's Smart Nation efforts - Dr Vivian Balakrishnan, Mr S. Iswaran, Mr Chan Chun Sing, and Dr Janil Puthucheary - the committee comprises private sector representatives with expertise in data security and technology.

Mr Teo, who is also the Minister-in-Charge of Public Sector Governance, noted how data security-related legislation and guidelines for the public and private sectors constantly referenced one another over the years.

He cited how the Ministry of Communications and Information may apply a certain provision of the Public Sector Governance Act, which penalises public officers who egregiously breach data privacy, to the Personal Data Protection Act, which is a data protection law for the private sector.

"So actually, we are learning from each other the best practices, the best standards," he said.

Mr Chan, who is Minister-in-Charge of the Public Service, said at the same press conference that the public service sector "must not think of ourselves in isolation".

 
 
 
 

"The strength of the Singapore system is determined by the weakest link. For us, it is necessary, but not sufficient, to just look at our own internal processes. We must see how we interface with the private sector because only by doing so, can the entire system be robust," he said.

Mr Iswaran, who is Minister-in-Charge of Cybersecurity, made the point that there needs to be an assurance that data security is being taken seriously in both the public and private sector.

Those handling data security should also demonstrate the capability to prevent data breaches, and in the event that a breach should happen, to respond to it quickly. Accountability and transparency are also necessary when such breaches occur, he added.

Dr Balakrishnan, who is Minister-in-Charge of Smart Nation, noted that data security is essential for Singapore's Smart Nation efforts.

"If you don't have data security, we cannot proceed with all the projects and the services that people expect us to deliver," he said.

The other members of the committee are Sir Andrew Witty, chief executive of health services and innovation company Optum; Professor Anthony Finkelstein, the UK Government's Chief Scientific Adviser for National Security; Mr David Gledhill, senior adviser and former chief information officer for DBS; Mr Ho Wah Lee, a former KPMG partner; and Mr Lee Fook Sun, chairman of Ensign Infosecurity.

In a statement, Mr Ho said that with the recommendations, "the Government should be able to prevent, detect and respond swiftly and effectively to data incidents".

 
 
 

Mr Gledhill said the recommendations made are "extremely comprehensive".

"The bar is being set extremely high. Part of the reason they're trying to implement these is that they are extremely strong and broad measures," he said, adding that it helps that a high-level body will oversee public sector data security.

"It not only ensures that current measures are implemented, but that the group is continuously looking at how this is an evolving space... I think things will evolve and the process of (having) a team responsible for always looking forwards is a very, very robust addition."