The public service is to mandate 13 new measures in the aims of safeguarding citizens’ personal data. These measures are being implemented, following a number of personal data breaches that occurred last year.
This announcement was made by the Public Sector Data Security Review Committee. This committee which was convened by Prime Minister Lee Hsien Loong in March will analyse and recommend measures to the Government for securing personal data of citizens.
A progress report issued by the Smart Nation and Digital Government Office (SNDGO) on Monday, July 15, stated that the committee is concluding a detailed review of the civil service’s data security system. This review includes a consolidation of data management practices across all sectors of the government and detailed inspections of major IT systems that are used.
These detailed inspections on IT systems are focused on five agencies:
- Ministry of Health
- Health Sciences Authority
- Health Promotion Board
- Central Provident Fund
- Inland Revenue Authority of Singapore
This is a result of the high volumes of sensitive data that these agencies deal with.
Personal data breaches of last year
Singapore’s healthcare sector agencies had a tough experience of dealing with security breaches last year.
SingHealth
1.5million SingHealth patients’ non-medical records were retrieved and copied in July last year. Out of that number, 160,000 had their outpatient dispensed medicines’ record taken. Personal data such as patients’ names, NRIC numbers, address, gender, race, and date of birth were stolen.
Singapore’s HIV registry
HIV-positive status and personal data of 14,200 people were leaked online from Singapore’s HIV registry this year.
Health Sciences Authority
The personal information of 808,201 blood donors was leaked online for a period of nine weeks from Jan 4 this year. A press release reported that the information was accessed illegally and possibly extracted.
Committee’s focus
While the current data security system is guarded with strong pillars, there is always a risk of breaching. In an earlier article OpenGov reported that though the number of common cyber threats detected in Singapore saw a decrease in 2018, Singapore continues to be the target of cyber-attacks by advanced actors.
These were findings released by the Cyber Security Agency of Singapore (CSA) in the Singapore Cyber Landscape 2018 publication on 18 June 2019.
Hackers are constantly trying to find loopholes in the system to attack and access information. With IT systems becoming more complex, the use of data is needed now more than ever to provide more and efficient digital services to the public and for improved policy-making.
The committee is looking to improve the system by focusing on three aspects: Technical, Process and People Strategies
Technical
The Government has agreed with the committee’s advice to immediately deploy technical measures that are ready for implantation for existing and new systems, in efforts of improving data security standards.
The most immediate measures focus on the sending and receiving of data:
- Data file integrity verification system to avoid tampering of data
- Strengthening of password and encryption requirements across more types of data files
- Prompts before public servants send out emails with sensitive data
These measures are slated to be deployed by the end of the year. Following which, the Government will deploy 10 other technical measures such as tokenisation.
Process and People measures
- Improve high data protection standards by third parties that handle Government data and help to raise the data security capabilities among public officers
Findings and recommendations by the committee are to be submitted to the prime minister by Nov 30.