Public and private sectors to join hands on data security

Senior Minister Teo Chee Hean noted that many organisations in both the public and private sectors today are data-driven and both sectors "offer good examples of how to maintain high integrity of data".
Senior Minister Teo Chee Hean noted that many organisations in both the public and private sectors today are data-driven and both sectors "offer good examples of how to maintain high integrity of data".PHOTO: MCI

Both sectors offer good examples of high data integrity, says SM Teo

The public and private sectors will work as partners when it comes to dealing with data security, said Senior Minister Teo Chee Hean who heads the Public Sector Data Security Review Committee.

He noted yesterday that many organisations in both the public and private sectors today are data-driven and both sectors "offer good examples of how to maintain high integrity of data". SM Teo was speaking to the media about his committee's recommendations.

Adding that the two sides will continue to work together in the future, he said: "We have benefited greatly from the perspectives that the private sector members have brought to the committee."

Besides Mr Teo and four ministers involved in Singapore's Smart Nation efforts - Dr Vivian Balakrishnan, Mr S. Iswaran, Mr Chan Chun Sing, and Dr Janil Puthucheary - the committee includes five private sector representatives with expertise in data security and technology.

Mr Teo, who is also the Minister-in-charge of Public Sector Governance, highlighted how data security-related legislation and guidelines for the public and private sectors constantly referenced one another over the years.

For example, he said, the Ministry of Communications and Information may apply a certain provision of the Public Sector Governance Act, which penalises public officers who egregiously breach data privacy, to the Personal Data Protection Act as well, which is a data protection law for the private sector.

"So actually, we are learning from each other the best practices, the best standards," he added.

Mr Chan, who is Minister-in-charge of the Public Service, said at the same press conference that the public service sector "must not think of ourselves in isolation".

"The strength of the Singapore system is determined by the weakest link. For us, it is necessary, but not sufficient, to just look at our own internal processes. We must see how we interface with the private sector because only by doing so, can the entire system be robust," he said.

 
 
 

Mr Iswaran, who is Minister-in-charge of Cybersecurity, pointed out that whether it is the public or private sector, there needs to be an assurance that data security is being taken seriously. Those handling data security should also demonstrate the capability to prevent data breaches, and respond to them quickly should they happen.

Accountability and transparency are also necessary when such breaches occur, he added.

Dr Balakrishnan, who is in charge of the Smart Nation initiative, said: "If you don't have data security, we cannot proceed with all the projects and the services that people expect us to deliver," he said.

In a statement, committee member Ho Wah Lee, a former KPMG partner, said the recommendations would prove effective. "With the recommended enhancements to the audit frameworks, the Government should be able to prevent, detect and respond swiftly and effectively to data incidents," he said.

Mr David Gledhill, former chief information officer for DBS who was also on the panel, said the recommendations are "extremely comprehensive".

He added that it helps that a high-level body will oversee public sector data security.

"It ensures not only that current measures are implemented, but also that the group is continuously looking at how this is an evolving space... I think things will evolve and the process of (having) a team responsible for always looking forward is a very, very robust addition."


About the review committee

The Public Sector Data Security Review Committee was convened in March by Prime Minister Lee Hsien Loong to look at and strengthen data security practices across the entire public service, following a series of data-related breaches.

It is chaired by Senior Minister Teo Chee Hean, who is also Minister-in-charge of Public Sector Data Governance, and includes five private sector representatives with expertise in data security and technology, as well as the four ministers involved in Singapore's Smart Nation efforts.

The four ministers are Dr Vivian Balakrishnan, who is Minister-in-charge of the Smart Nation Initiative; Mr S. Iswaran, Minister-in-charge of Cybersecurity; Mr Chan Chun Sing, Minister-in-charge of the Public Service; and Dr Janil Puthucheary, Minister-in-charge of the Government Technology Agency.

The private sector members are Sir Andrew Witty, chief executive of Optum; Professor Anthony Finkelstein, the British government's chief scientific adviser for national security; Mr David Gledhill, senior adviser and former chief information officer for DBS Bank; Mr Ho Wah Lee, a former KPMG partner; and Mr Lee Fook Sun, chairman of Ensign InfoSecurity.

The committee was supported by a separate expert group consisting of seven international experts and industry professionals, as well as by an inter-agency task force formed by public officers across the Government.

 
 

In formulating its recommendations, the committee inspected 336 systems across 94 agencies in Singapore to identify security risks and the common causes of data breaches.

In addition, it examined global and industry best practices and reviewed the Government's data-security-related legislation and guidelines against the requirements for private sector organisations.

It also evaluated whether the proposed recommendations would have prevented the past data incidents or mitigated their impact.

A version of this article appeared in the print edition of The Straits Times on November 28, 2019, with the headline 'Public and private sectors to join hands on data security'. Print Edition | Subscribe