Public sector officers who share the personal data of Singaporeans without authorisation can now be fined up to $5,000, jailed for up to two years, or both.
The same applies to those who make use of data to benefit themselves or re-identify anonymised data without authorisation.
The criminal penalties are among new rules to formalise the data-sharing framework between public sector agencies.
The Public Sector (Governance) Bill, passed by Parliament yesterday, also states that agencies requesting data, not just those that own it, are now responsible for protecting that data.
Education Minister (Higher Education and Skills) Ong Ye Kung, who leads public service innovation efforts, said data sharing is already practised by the public service.
Non-identifiable data is shared to improve policy analysis, planning and formulation, said Mr Ong. For example, the Education Ministry can use data on past education, family background, jobs and careers to better understand the relationship between education and careers.
Centralised agencies will be set up to ensure raw data is properly anonymised before it is released to relevant agencies for analysis, he added. He also said identifiable personal data is shared when services, such as social assistance, need to be better delivered to individuals.
RULES MUST BE STRENGTHENED
Cross-agency data-sharing initiatives are already happening today, because technology has made it possible. But we need to strengthen the rules, which were written before we could envisage how we can leverage data to improve our work and deliver services better.
EDUCATION MINISTER (HIGHER EDUCATION AND SKILLS) ONG YE KUNG
"Cross-agency data-sharing initiatives are already happening today, because technology has made it possible. But we need to strengthen the rules, which were written before we could envisage how we can leverage data to improve our work and deliver services better," said Mr Ong.
The Bill lists seven purposes under which data can be shared among public sector agencies, such as to improve the efficiency or effectiveness of policy planning and service delivery, and to support a whole-of-government approach in public sector work.
The new law also standardises the way statutory boards are run, for instance, requiring governing board members to disclose any conflicts of interest. Mr Ong said this is necessary as not all the constituting Acts of the 61 statutory boards covered by the Bill contain uniform provisions for good governance, as they were written at different times.
Fifteen MPs rose to speak on the Bill. Many spoke in favour of greater sharing of data to make processes smoother. Mr Zaqy Mohamad (Chua Chu Kang GRC) said many residents with welfare appeals are put off by the onerous process of having to provide updated documents each time assistance has to be renewed.
But he and other MPs like Mr Patrick Tay (West Coast GRC), Mr Gan Thiam Poh (Ang Mo Kio GRC) and Nominated MP Chia Yong Yong raised concerns about data security.
"Once the data is leaked, even if we can penalise the officer, there is no retrieving the data... I would like to hear how the Government plans to balance security, governance and accessibility of data," said Mr Zaqy.
Mr Ong assured MPs sensitive data protected by legislation would remain protected. He noted that sensitive information will be stored in databases with more limited access and additional protection. Public servants' access rights to data will continue to be prescribed based on security clearance and authorisation.