PM Lee convenes data security committee in lieu of recent breaches

Responding to recent data-related breaches, Prime Minister Lee Hsien Loong has convened a Public Sector Data Security Review Committee to conduct a comprehensive review of data security practices across the entire public service. The committee will submit its findings and recommendations to the prime minister by 30 November 2019.

The local government has had several lapses of data breaches in recent times, including the leak of over 800,000 blood donors' personal particulars due to mishandling of data by a vendor of the Health Sciences Authority. The press release by the Prime Minister's Office said, "The Government acknowledges that recent data-related incidents have underlined the urgency to strengthen data security policies and practices in the public sector."

The committee will review how the Government is securing and protecting citizens’ data from end-to-end, including the role of vendors and other authorised third parties. Additionally, it will recommend technical measures, processes and capabilities as well as develop an action plan of immediate steps and longer term measures.

Chaired by deputy prime minister and coordinating minister for national security, Teo Chee Hean, the committee will include private sector representatives with expertise in data security and technology, as well as Ministers involved in Singapore’s Smart Nation efforts – Dr Vivian Balakrishnan, Mr S Iswaran, Mr Chan Chun Sing, and Dr Janil Puthucheary. Mr Teo Chee Hean is also the Minister-in-charge of Public Sector Data Governance.

In the course of its work, the committee will consult with international experts and industry professionals, from both the private and public sectors. The committee will also be supported by an inter-agency taskforce formed by public officers across the whole-of-government.

According to the press release, the government has progressively enhanced security measures to safeguard sensitive data over the years. These included the Internet Surfing Separation policy in 2016 and the disabling of USB ports from being accessed by unauthorised devices in 2017.  The government has also increased the number and types of internal IT audits, to check on agencies’ data access and data protection measures. In 2018, the government introduced measures to detect and respond more quickly to cyber threats that target critical government databases.