PM Lee convenes committee to review data security in public sector

SINGAPORE - A public sector data security review committee was convened by Prime Minister Lee Hsien Loong on Sunday to conduct a review of data security practices across the entire public service, following a series of recent data breaches.

Chaired by Deputy Prime Minister and Coordinating Minister for National Security Teo Chee Hean, the committee will examine measures and processes related to the collection and protection of citizens' personal data by public sector agencies, as well as by vendors who handle personal data on behalf of the government.

Mr Teo, who is also the Minister-in-charge of Public Sector Data Governance, will be joined by private sector representatives with data security and technology expertise, as well as ministers involved in Singapore's Smart Nation efforts, namely Vivian Balakrishnan, S Iswaran, Chan Chun Sing, and Janil Puthucheary.

The move comes fresh from the latest data security lapse: a Health Sciences Authority vendor said on Saturday that the personal information of more than 800,000 blood donors which was put online improperly for over two months was accessed illegally and possibly stolen.

The committee will be charged with not only reviewing data security practices, but also recommending steps to improve the government's protection of data and response to citizens. It will also develop an action plan of both immediate and longer term measures to implement recommendations.

The committee will be supported by an inter-agency task-force of public officers, and will consult international experts and industry professionals from both the private and public sectors.

The Prime Minister's Office said in a statement that the government has moved to enhance cyber security measures over the years, such as rolling out the Internet Surfing separation policy in 2016 and the disabling of USB ports from being accessed by unauthorised devices in 2017.

There has also been an increase in the number and types of internal IT audits.

But the government said it acknowledges that "recent data-related incidents have underlined the urgency to strengthen data security policies and practices in the public sector".

While individual agencies continue to investigate and take action on specific incidents, the committee will instead take a comprehensive review of the public sector to ensure that the agencies "maintain the highest standards of data governance" to complement Singapore's efforts to be a Smart Nation, said the statement.

The committee will submit its findings and recommendations to the Prime Minister by Nov 30, 2019.

Singapore's public sector has been struck by a growing number of data breaches of late, with the healthcare sector the hardest hit.

The country suffered its worst cyber attack in June last year when hackers went into the database of public healthcare cluster SingHealth and stole the personal data of 1.5 million patients and the outpatient prescription information of 160,000 people, including the Prime Minister.

In January this year, another data breach was reported where the confidential details of 14,200 HIV patients were leaked online by American Mikhy Farrera-Brochez.

This article was first published in The Business Times. Permission required for reproduction.