SINGAPORE - Public sector officers who share the personal data of Singaporeans without authorisation can now be fined up to $5,000, jailed for up to two years, or both.
The same applies to those who make use of data to benefit themselves or re-identify anonymised data without authorisation.
The criminal penalties are among new laws to formalise the data-sharing framework between public sector agencies.
The Public Sector (Governance) Bill, passed by Parliament on Monday (Jan 8), also states that agencies requesting data, not just those that own it, are now responsible for protecting that data.
Education Minister (Higher Education and Skills) Ong Ye Kung, who leads public service innovation efforts, said data sharing is already practised by the public service, for instance in the MyInfo platform which automatically fills out application forms for online government service transactions when a user logs in using a SingPass.
Non-identifiable data is shared to improve policy analysis, planning and formulation, said Mr Ong. For example, the Education Ministry can use data on past education, family background, jobs and careers to better understand the relationship between education and careers.
Centralised agencies will be set up to ensure raw data is properly anonymised before being released to relevant agencies for analysis, he added.
He also said that identifiable personal data is shared when services, such as social assistance, need to be better delivered to individuals.
"Cross-agency data-sharing initiatives are already happening today, because technology has made it possible. But we need to strengthen the rules, which were written before we could envisage how we can leverage data to improve our work and deliver services better," said Mr Ong, explaining the rationale for the Bill.
The Bill lists seven specific purposes under which data can be shared between public sector agencies, such as to improve the efficiency or effectiveness of policy planning and service delivery, and to support a whole-of-government approach in public sector work.
Besides dealing with data sharing and security, the new laws also standardise the way statutory boards are run. Mr Ong said this is necessary as not all the constituting Acts of the 61 statutory boards covered by the Bill contain uniform provisions for good governance, as they were written at different times.
The rules cover areas including empowering the minister in charge of the agency to give it directions on its work and requiring governing board members to disclose any conflicts of interest.
Fifteen MPs rose to speak on the Bill. Many spoke in favour of greater sharing of data between public sector agencies to make processes smoother.
Mr Zaqy Mohamad (Chua Chu Kang GRC) highlighted how many residents with welfare appeals give up on schemes or benefits because of the onerous process of having to provide updated documents each time assistance has to be renewed.
But he and other MPs like Mr Patrick Tay (West Coast GRC), Mr Gan Thiam Poh (Ang Mo Kio GRC) and Nominated MP Chia Yong Yong raised concerns about data security and storage.
"Once the data is leaked, even if we can penalise the officer, there is no retrieving the data back. I would like to hear how the Government plans to balance security, governance and accessibility of data," said Mr Zaqy.
Mr Ong assured MPs that sensitive data protected by legislation would remain protected.
Also, he noted that sensitive information such as identifiable data will be stored in databases with more limited access and additional protection. Public servants' access rights to data will continue to be prescribed based on security clearance and authorisation.