Change in law proposed to pave the way for public-private sector data sharing
Sign up now: Get ST's newsletters delivered to your inbox
The proposed amendments also aim to provide more clarity on data sharing between the public and private sector.
PHOTO ILLUSTRATION: TNP FILE
Follow topic:
SINGAPORE – Changes to existing laws have been proposed to pave the way for public agencies to share data that may involve individuals or businesses with the private sector.
The authorities are also considering imposing criminal penalties on individuals from the private sector if they are found to have abused the data shared with them when working with the Government.
This proposed update to the Public Sector Governance Act (PSGA), first rolled out in 2018 to hold public servants accountable, is being discussed in a public consultation slated to end on Sept 2.
“The amendments aim to enhance the use of data to deliver better services to Singaporeans,” said the Ministry of Digital Development and Information (MDDI) in its consultation paper published on Aug 12.
The proposed amendments aim to provide more clarity on data sharing between the public and private sector.
This comes as the Government increasingly works with community groups and the private sector to deliver services to the public, and may need to share government data sets involving individuals or businesses, facts and statistics with external parties, said MDDI.
For example, to help community organisations deliver social assistance to Singaporeans in need, or provide health-related support to the elderly, the public sector may need to share with them timely and accurate lists of eligible individuals, along with their contact and eligibility details.
Likewise, trade associations require insights into the needs of businesses so that they can better tailor support schemes for small and medium enterprises, the ministry added.
With the proposed changes to the PGSA, the law would provide a clear legal basis for public sector agencies to share data with authorised external partners.
The amendments will enable public sector agencies to authorise an external partner to receive data that is required for the services they are delivering on behalf of the public sector.
The minister of the public sector agency, or a qualified person appointed by such minister, must authorise the data sharing.
PSGA was designed to provide a clear legal basis for data sharing across the public sector. It details data protection and data sharing requirements for public agencies.
In some instances, standards for public agencies are more stringent than the Personal Data Protection Act (PDPA), which applies to the private sector. For example, the PSGA imposes criminal penalties on individual public officers who flout rules.
The PSGA was tightened following Singapore’s worst cyber attack in June 2018
Also in 2018, there were two other severe data leaks in the public sector. One involved the unauthorised disclosure of the confidential data of 14,200 patients from the Ministry of Health’s HIV registry. The second involved the unauthorised access of 223 case files due to a vulnerability in the State Courts’ online system.
Under the proposed changes, individuals with external parties who misuse shared data may be subject to the same level of penalties as public officers under the PSGA.
The PSGA criminalises the acts of unauthorised disclosure of data, misuse of data and the re-identification of individuals from anonymised data. Public officers found guilty of these offences can be fined up to $5,000 and can face a jail term of up to two years.
In addition, the PDPA obligations and penalties will continue to apply for these external partners.
Separately, MDDI proposed to amend the PSGA to clarify that public agencies may use internally the data that they are allowed to share with other public agencies.
“The Government takes seriously its responsibility to protect the data entrusted to the public sector, and will continue to ensure robust data governance, as it seeks to achieve greater public value from the use of data,” said MDDI.
The public has till 5pm on Sept 2 to submit their feedback on the proposed changes via
In response to questions from ST, an MDDI spokesperson said that public sector agencies already share data with external parties to improve implementation of public policies and services, such as in cases where external partners deliver public services on behalf of the Government.
Such sharing is currently supported by existing legal bases, such as the common law concept of public interest, consent, or any other applicable sector-specific legislation that allows data sharing, said MDDI.
Additionally, MDDI said that public sector agencies are currently required to impose data management and security terms of use on external partners whom they share data with, to ensure accountability. These partners are also bound by existing legislation, such as the Personal Data Protection Act and the Official Secrets Act.
“While legal bases for sharing exist today, the proposed PSGA amendments would provide an additional legal basis that is more broadly linked to achieving public sector objectives, so that external partners can deliver new services more effectively,” said MDDI.
The ministry added: “With a new legal basis introduced for data sharing with external partners, the data sharing under this basis should be accompanied with the appropriate requirements and robust safeguards, such as requiring specific authorisation for data sharing, and offences for misuse. This ensures that data shared with external partners is protected and handled responsibly.”
