First set of enhanced data security measures for public sector implemented

Members of the public can flag unauthorised disclosures of government data by completing a form on the Smart Nation website. PHOTO: TNP

SINGAPORE - The public will now be able to whistleblow on suspected data breaches by government agencies under a common framework to safeguard citizens' personal data.

It is among the first set of recommendations by the Public Sector Data Security Review Committee being rolled out after a spate of breaches over the last two years. The common framework will replace current practices being followed by public agencies, many of which devised the protocols themselves.

On Thursday (April 30), the Smart Nation and Digital Government Office (SNDGO) said: "(The new measures) will improve accountability and transparency of the public sector data security regime, and enhance the Government's effectiveness in responding to incidents promptly, and notifying affected individuals in the event of a data incident."

The committee was convened by Prime Minister Lee Hsien Loong in March last year following a spate of cyber security breaches, including the SingHealth incident when hackers stole the data of 1.5 million patients and the outpatient prescription information of 160,000 people in June 2018.

In the spirit of transparency, the Government's approach to data security is also published on the Smart Nation website. Annual reports highlighting efforts to continually improve data security standards will be made available to the public on the site.

Meanwhile, members of the public can flag unauthorised disclosures of government data by completing a form on the Smart Nation website.

"The Smart Nation and Digital Government Group will work with the public and the relevant public sector agency or agencies involved to investigate the suspected data incident, and take remedial steps to address any confirmed data incident in a timely manner," the spokesman said.

Other recommendations implemented this month include clarifying the roles and responsibilities of public officers involved in managing data security, and mandating that top public sector leadership be accountable for putting in place a strong organisational data security regime.

The SNDGO said that efforts are on track to implement the committee's recommendations where relevant in 80 per cent of government systems by end-2021.

The rest will follow by the end of 2023, as some systems will require significant redesign.

Other new measures include encrypting sensitive files and keeping highly sensitive information about individuals, such as their HIV status, in a separate system with tighter controls. The personal information of ministers and other important people will also be kept in separate systems with more stringent protection.