12 April, 2019
A review of data security across public sector organisations in Singapore has been commissioned by the city state's government.
Prime minister Lee Hsien Loong has set up a committee to lead the review, which follows on from recent high-profile incidents of data breaches in Singapore's public sector.
In January, the Personal Data Protection Commission (PDPC) served fines totalling SIN$1 million ($739,000) on the body behind the operation of several hospitals and other health institutions in Singapore and the city state's central national IT agency for the public healthcare sector over data security failings that enabled a hacker to access the personal data of nearly 1.5m people.
Later that month, the Ministry of Health (MoH) confirmed that thousands of people diagnosed with HIV, as well as people linked to those individuals, had their details "illegally disclosed online" in a separate incident.
Those incidents have "underlined the urgency to strengthen data security policies and practices" in the sector, the prime minister's office said in a statement. The Public Sector Data Security Review Committee, which will be led by Singapore's deputy prime minister Teo Chee Hean, will scrutinise data security practices "across the entire public service", including the way service providers to the government handle personal data, it said.
"The Committee will: review how the government is securing and protecting citizens’ data from end-to-end, including the role of vendors and other authorised third parties; recommend technical measures, processes and capabilities to improve the government’s protection of citizens’ data, and response to incidents; and develop an action plan of immediate steps and longer term measures to implement the recommendations," the prime minister's office said.
The Committee will submit its recommendations to the prime minister by 30 November this year.
For further information please contact:
Bryan Tan, Partner, Pinsent Masons MPillay
bryan.tan@pinsentmasons.com