High-level committee convened to review data security practices across public service

The Public Sector Data Security Review Committee will look into how data is collected and protected by the agencies, vendors and authorised third parties, and recommend improvements.
The Public Sector Data Security Review Committee will look into how data is collected and protected by the agencies, vendors and authorised third parties, and recommend improvements.PHOTO: ST FILE

SINGAPORE - A new committee to review and strengthen data security practices across the entire public service has been set up by the Government, following a series of data-related incidents.

The Public Sector Data Security Review Committee – convened by Prime Minister Lee Hsien Loong – will look into how data is collected and protected by the agencies, vendors and authorised third parties, and recommend improvements.

It will recommend technical measures and capabilities to improve the Government's response to incidents and protection of citizens' data, and develop an action plan to implement them in the immediate and longer term.

In a statement on Sunday (March 31), the Prime Minister's Office (PMO) said the committee will be chaired by Deputy Prime Minister Teo Chee Hean, who is also Coordinating Minister for National Security and Minister-in-charge of Public Sector Data Governance.

It will comprise private sector representatives with expertise in data security and technology, and the four ministers involved in Singapore's Smart Nation efforts.

They are Foreign Minister Vivian Balakrishnan, who is Minister-in-charge of the Smart Nation Initiative; Communications and Information Minister S. Iswaran, who is the Minister-in-Charge of Cyber Security; Trade and Industry Minister Chan Chun Sing, who is Minister-in-charge of the Public Service; and Senior Minister of State for Communications and Information and Transport Janil Puthucheary, who is Minister-in-Charge of the Government Technology Agency.

In its statement, the PMO said the Government has "progressively enhanced" measures to safeguard sensitive data over the years.

 
 
 

"Nevertheless, the Government acknowledges that recent data-related incidents have underlined the urgency to strengthen data security policies and practices in the public sector," it said.

"While individual agencies are investigating and taking action on the specific incidents, this committee will undertake a comprehensive review and incorporate industry and global best practices to strengthen data security across the public sector."

The latest data breach involved the personal information of more than 800,000 blood donors, which was put online improperly for more than two months, being accessed illegally and possibly stolen, a Health Sciences Authority (HSA) vendor responsible for the mistake said on Saturday.

Singapore was also hit by its worst cyber attack in June last year, when hackers went into the database of public healthcare cluster SingHealth and stole the personal data of 1.5 million patients and the outpatient prescription information of 160,000 people, including PM Lee.

The PMO said the committee will consult with international experts and industry professionals from both the private and public sectors, and be supported by an inter-agency task force comprising public officers across the whole of government.

It will submit its findings and recommendations to PM Lee by Nov 30 this year.

"The review will help to ensure that all public sector agencies maintain the highest standards of data governance," the PMO said, adding that the committee's work will complement Singapore's Smart Nation efforts.

"This is essential to uphold public confidence and deliver a high quality of public service to our citizens through the use of data."

Measures introduced by the Government over the years in safeguarding data include rolling out Internet Surfing Separation in 2016, in which confidential data systems are separated from the Internet.

The following year, a policy was introduced to disable USB ports from being accessed by unauthorised devices.

"The Government has also increased the number and types of internal IT audits, to check on agencies' data access and data protection measures," the PMO said.

It also introduced measures last year, to detect and respond more quickly to cyber threats that target critical government databases.

The Government was among 11 critical sectors advised by the Cyber Security Agency last August to review their connections to untrusted external networks, following the SingHealth data breach.

The other 10 sectors were: infocomm, energy, aviation, maritime, land transport, healthcare, banking and finance, water, security and emergency, and media.