SINGAPORE - The Government is held to the same, if not higher, standard of responsibility compared with the private sector in terms of personal data protection, said Communications and Information Minister S. Iswaran.
He said this on Tuesday (Feb 12) to Workers' Party chairman Sylvia Lim (Aljunied GRC), who had asked if public agencies could be included in the Personal Data Protection Act (PDPA), in the light of recent public data breaches like the SingHealth data breach.
Mr Iswaran pointed to the Public Sector (Governance) Act (PSGA), which he said has safeguards for personal data in the public sector, including criminalising the misuse of data by public servants.
These data protection standards are aligned with the PDPA, he said, adding that personal information collected by the public sector is also protected by other laws, such as the Official Secrets Act, the Income Tax Act and the Statistics Act.
Said Mr Iswaran: "Collectively, these laws impose a high standard of responsibility on all public agencies, with additional requirements for the protection of sensitive or confidential data."
Mandatory audits are conducted regularly to ensure these agencies comply with data protection standards, he added.
Mr Iswaran, who is also the Minister-in-charge of Cyber Security, told Ms Lim that there will be recourse for people whose data is compromised, and that all complaints will be investigated.
Singapore's privacy watchdog, the Personal Data Protection Commission, does receive complaints about the public sector, he said. It then refers the matter to the relevant government agencies.
He added there are also other avenues should people feel that their data has been compromised. These include turning to the Government Technology Agency, the ministry overseeing the relevant public agency, and the police, if they feel a crime has been committed.
The PSGA allows personal data to be managed as a common resource within different agencies in the public sector for better policymaking, Mr Iswaran said.
It also allows for more responsive public services by making the sharing of information across agencies possible.
In contrast, private organisations are expected to be individually responsible for the personal data in their possession. There is also no expectation of a similar integrated delivery of services across different commercial organisations.
These differences mean that there has to be different approaches to the protection of personal data in both the public and private sectors.
Mr Iswaran said that the Government will continue to update the laws that protect personal information here.
"We will regularly review the PDPA, the PSGA and other legislation to ensure that they remain relevant and effective in safeguarding personal data in both the public and private sectors," he said.