Public agencies in Singapore will approach citizen data breaches on a case-by-case basis, Dr Janil Puthucheary, Senior Minister of State for Communications and Information and Transport, said in Parliament yesterday.
"There are guidelines about how public sector officials should handle the matter of a data breach involving citizens' particulars... There is no absolute requirement," he said in his reply to questions from MPs on the standards for disclosing public sector-related data breaches.
"We do need to look at every case, and we do need to look at the issue at hand as to what has been accessed, what are the circumstances and what the potential impact would be on the citizen to be involved in that process thereafter," said Dr Janil, who is in charge of the Government Technology Agency (GovTech).
Workers' Party chairman Sylvia Lim (Aljunied GRC) had asked whether affected citizens have the right to know, and in a timely manner, if their data has been compromised while in the care of public agencies. Nominated MP Walter Theseira had also asked similar questions.
Even though there is no mandatory reporting requirement, there are guidelines on how citizens should be approached.
"The situation needs to be taken on a case-by-case basis and all the factors that are relevant need to be taken into account," he added, during the debate on the budget for the Prime Minister's Office, which GovTech comes under.
Ms Lim cited the case of a police station inspector who, in February 2016, had illegally accessed the computer system at his workplace to check on the phone records of a man whom he suspected of having an affair with his wife. The case was made public last month.
Dr Janil assured the House that the Government has increased the number and types of internal IT audits to check on agencies' data protection measures.
Among the implemented measures is the disabling of USB ports to keep out unauthorised devices.
"We will continually review our standards and measures, and will incorporate lessons learnt and industry's best practices," he said.
Should citizens suspect their data has been misused or hacked, they can complain to GovTech, or make a police report if a crime is suspected. "Complaints will be thoroughly investigated and appropriate action taken," he said.