Earlier this week, Prime Minister Lee Hsien Loong convened a Public Sector Data Security Review Committee to conduct a comprehensive review of data security practices across the entire public service.
The move comes following the rise in data breaches, with the most recent being the leak of over 800,000 blood donors’ personal particulars, due to mishandling of data by a vendor of the Health Sciences Authority. The incident came shortly after several others include leak of details of HIV-diagnosed individuals’ and the infiltration of the SingHealth database.
In a conversation with Marketing, Lars Voedisch, managing director, PRecious Communications said for government agencies the expectation is set higher than for companies as cost saving or negligence on security matters are less acceptable.
Citing the example of the data leak of HIV-positive patients where the leak initially happened in 2016, but the government informed those affected only in 2018, he said, “While it is understandable that the government had to make that decision in the interest of data protection, this might have created the perception of not being completely upfront about important issues”.
However, he agrees that the formation of the committee using a top-down approach will go some way into building trust between government agencies and the public. “The decision to name Deputy Prime Minister Teo and other high ranking ministers in the committee helps to communicate the seriousness with which the government is tackling the issue,” he said.
Carolyn Camoens, managing director Asia, Hume Brophy also lauded the move saying it should indicate to the public that the government is serious about the issue, and is putting significant effort into a review. However, confidence in the effort will only come, though, from transparency in the process and, proactive and detailed communication about the findings.
While cybersecurity experts have spoken in favour of the technical response to the issues, “the repeated breaches have done little to inspire public confidence”, Camoens explained. She added that it seems “well acknowledged that communication, particularly with regard to the Singhealth cyber attack in 2018, could have been more timely and comprehensive, especially in respect of those directly affected”.
Always on mindset
In an age where data breaches are getting more common, the public has become more aware that missteps in data security can happen. But what is more critical now is for for government agencies to maintain a clear and open line of communication to the public.
Camoens added that communications preparedness and reaction to crisis in the cyber attack world needs to be the result of a similar ‘always on’ mindset, given that data breaches are inevitable.
“Organisations need to be prepared to respond quickly and comprehensively. And just as the Committee of Inquiry has recommended improved incident response plans, the communications plans should be similarly reviewed and improved, and regularly updated,” she said.
Timely updates needed
Both Camoens and Voedisch added that with the new committee, milestones should be set for frequency on updates to the wider public on measures being taken to secure the data. Voedisch said while the results from that committee are only expected in six months down the road, the public will most likely want to hear from the committee on break through sooner.
“It will be crucial to publish continued updates on the findings and recommendations of the committee to build and possibly regain trust especially with the public. It is absolutely crucial for government agencies to maintain a clear and open line of communication to the public,” he added.
According to Meltwater statistics, the overall social and news sentiments have been neutral. The media exposure saw a jump over the weekend, which comes right after PM Lee’s announcement of the new committee.
Mimrah Mahmood, regional director of Media Solutions, Meltwater said Singaporeans continue to hold data privacy in high regard, thus the statistics showing the topic of data security widely discussed on social media even before the newly formed data security committee was announced.
“With data breaches, the drop in public confidence in a brand or organisation can do as much damage as the actual data that gets leaked. Like any crisis in confidence, swift corrective action is a vital first step, but it will be a long-term journey to restore the trust that has unfortunately been lost, which is what the new committee aims to achieve,” he added.