SINGAPORE: Prime Minister Lee Hsien Loong has convened a committee to conduct a comprehensive review of data security practices across the entire public service, with findings and recommendations to be submitted by Nov 30, the Prime Minister’s Office (PMO) announced on Sunday (Mar 31).
The Public Sector Data Security Review Committee will be chaired by Deputy Prime Minister and Coordinating Minister for National Security Teo Chee Hean, who is also Minister-in-charge of Public Sector Data Governance.
It will also include private sector representatives with expertise in data security and technology, as well as ministers involved in Singapore’s Smart Nation efforts - Dr Vivian Balakrishnan, Mr S Iswaran, Mr Chan Chun Sing and Dr Janil Puthucheary.
The committee will review how the Government is securing and protecting citizens’ data from end to end, including the role of vendors and other authorised third parties, according to a press release from the PMO.
It will recommend technical measures, processes and capabilities to improve the Government’s protection of such data, as well as its response to incidents.
The committee will also develop an action plan of immediate steps and longer term measures to implement these recommendations.
In the course of its work, the committee will consult with international experts and industry officials from both the public and private sectors. The committee will also be supported by an inter-agency taskforce formed by public officers.
“Over the years, the Government has progressively enhanced security measures to safeguard sensitive data,” said PMO, citing the 2016 Internet Surfing Separation policy and the disabling of USB ports from being accessed by unauthorised devices from 2017.
PMO said the Government has also increased the number and types of internal IT audits, to check on agencies’ data access and data protection measures.
“Nevertheless, the Government acknowledges that recent data-related incidents have underlined the urgency to strengthen data security policies and practices in the public sector,” said PMO.
Early this year, the HIV-positive status of more than 14,000 people was leaked online along with confidential information such as their identification numbers and contact details.
The Ministry of Health has also recently revealed several cases in which information was mishandled by IT vendors.
About 7,700 individuals received inaccurate healthcare and subsidies under the Community Heath Assist Scheme last year due to an error in a computer system.
Separately, the personal information of more than 800,000 blood donors in Singapore was exposed on the Internet for more than nine weeks from Jan 4 before authorities were alerted to it by a cybersecurity expert.
“While individual agencies are investigating and taking action on the specific incidents, this committee will undertake a comprehensive review and incorporate industry and global best practices to strengthen data security across the public sector.
“This review will help to ensure that all public sector agencies maintain the highest standards of data governance. This is essential to uphold public confidence and deliver a high quality of public service to our citizens through the use of data. The work of this committee will complement our efforts to achieve our Smart Nation vision,” it added.