Public sector subject to 'same, if not higher' standards of data governance as private sector: S Iswaran
SINGAPORE: The public sector is subject to the same, if not higher, rigorous standards of data governance as that of the private sector, Minister for Communications and Information S Iswaran said in Parliament on Tuesday (Feb 12).
“We have to do that,” he said. “Because if we don’t, a lot of our other efforts in terms of wanting to be a Smart Nation or harnessing digital technologies to deliver better public services will all be thwarted.”
“That’s exactly why we take this very seriously.”
Mr Iswaran was responding to a question by MP for Aljunied GRC Sylvia Lim. Ms Lim had asked if the Personal Data Protection Act (PDPA) should be amended to remove the exemptions for public agencies, given the gravity of data protection breaches in the public sector.
The PDPA, which came into force in 2012, establishes a baseline standard for data protection in the private sector, balanced against its need to use personal data for reasonable purposes.
Mr Iswaran explained that in 2018, the Public Sector (Governance) Act (PSGA) introduced additional safeguards for personal data in the public sector, including criminalising the misuse of data by public servants. The data protection standards, he said, are in broad alignment with the PDPA.
He added that the data collected by the public sector is also protected by specific legislation such as the Official Secrets Act, the Income Tax Act, the Infectious Diseases Act and the Statistics Act.
“There’s a clear recognition that the mode of operation and the expectation of how data is used in order to provide an effective and efficient public service implies that we do need a different methodology in the way we govern public sector data governance,” he said. “That’s why we have a differentiated approach.”
The PSGA, he said, allows personal data to be managed as a common resource within the public sector for better policymaking and more responsive services. In contrast, each private sector organisation is expected to be individually accountable for the personal data in its possession, and there is no expectation of a similar integrated delivery of services across different commercial organisations.
Mr Iswaran further said, in response to a series of supplementary questions, that there is recourse for individuals who feel that their data has been mishandled in the public sector. They could, for example, lodge a complaint with the relevant ministry or agency, or make a police report if they feel a crime has been committed.