Committee to review data security in public service

The Public Sector Data Security Review Committee will look into how data is collected and protected by the agencies, vendors and authorised third parties, and recommend improvements.
The Public Sector Data Security Review Committee will look into how data is collected and protected by the agencies, vendors and authorised third parties, and recommend improvements.PHOTO: ST FILE

It will look at how information is collected and protected, and recommend improvements

A new committee to review and strengthen data security practices across the entire public service has been set up by the Government following a series of data-related incidents.

The Public Sector Data Security Review Committee - convened by Prime Minister Lee Hsien Loong - will look into how data is collected and protected by the agencies, vendors and authorised third parties, and recommend improvements.

It will recommend technical measures and capabilities to improve the Government's response to incidents and protection of citizens' data, and develop an action plan to implement them in the immediate and longer term.

In a statement yesterday, the Prime Minister's Office (PMO) said the committee will be chaired by Deputy Prime Minister Teo Chee Hean, who is also Coordinating Minister for National Security and Minister-in-charge of Public Sector Data Governance.

It will include private sector representatives with expertise in data security and technology, and the four ministers involved in Singapore's Smart Nation efforts.

They are Foreign Minister Vivian Balakrishnan, Minister-in-charge of the Smart Nation Initiative; Communications and Information Minister S. Iswaran, Minister-in-charge of Cyber Security; Trade and Industry Minister Chan Chun Sing, Minister-in-charge of the Public Service; and Senior Minister of State for Communications and Information and Transport Janil Puthucheary, who is in charge of the Government Technology Agency.

The Government has "progressively enhanced" measures to safeguard sensitive data over the years, though it also acknowledges that recent data-related incidents have underlined the urgency to strengthen data security policies and practices in the public sector, said the PMO.

 
 
 

It added: "While individual agencies are investigating and taking action on the specific incidents, this committee will undertake a comprehensive review and incorporate industry and global best practices to strengthen data security across the public sector."

The latest data breach involved the personal information of more than 800,000 blood donors being accessed illegally and possibly stolen, after being put online improperly for more than two months, a Health Sciences Authority vendor responsible for the error said on Saturday.

The PMO said the committee will consult international experts and industry professionals from both the private and public sectors, and be supported by an inter-agency task force comprising public officers across the whole of government. It will submit its findings and recommendations to PM Lee by Nov 30.

Measures introduced by the Government over the years in safeguarding data include rolling out Internet surfing separation in 2016, in which confidential data systems are separated from the Internet. The following year, a policy was introduced to disable USB ports from being accessed by unauthorised devices. "The Government has also increased the number and types of internal IT audits to check on agencies' data access and data protection measures," the PMO said.

It also introduced measures last year to detect and respond more quickly to cyber threats that target critical government databases.

The Government was among 11 critical sectors advised by the Cyber Security Agency last August to review connections to untrusted external networks. The other 10 were infocomm, energy, aviation, maritime, land transport, healthcare, banking and finance, water, security and emergency, and media.

The PMO said the new committee's work will help ensure all public agencies maintain the highest standards of data governance.

"This is essential to uphold public confidence and deliver a high quality of public service to our citizens through the use of data," it added.

SEE TOP OF THE NEWS

A version of this article appeared in the print edition of The Straits Times on April 01, 2019, with the headline 'Committee to review data security in public service'. Print Edition | Subscribe