The third update on the government’s measures to secure personal data has been released by Singapore’s Smart Nation and Digital Government Office (SNDGO). To increase transparency regarding how the Government utilises and safeguards citizen data, the Public Sector Data Security Review Committee (PSDSRC) made this annual update a fundamental recommendation.
The number of incidents involving government data increased from 108 in FY2020 to 178 in FY2021. While the number of data incidents reported has increased, none of these incidents was deemed severe enough to have a significant impact on the agency or the individuals affected.
The overall increase in reported data incidents mirrors trends seen in the private sector and globally, as data exchange and use continue to grow. The increase also reflects increased awareness among public officials of the importance of data security and reporting all incidents, regardless of severity.
Additionally, the government began developing the Central Account Management (CAM) Solution in August 2021 to improve the user account management process. The CAM solution automates the process of removing and deactivating user accounts that have been deactivated due to staff turnover. Since its inception in April 2022, 32 per cent of eligible Government IT systems have been configured for CAM onboarding.
In May 2022, the government will also launch the Whole-Of-Government (WOG) Data Loss Protection (DLP) Suite. The WOG DLP Suite prevents sensitive data from being accidentally lost from government networks, systems, and devices. To detect risky user activities, the WOG DLP tools employ technical and process controls.
Since its inception in December 2020, the DPPCC has been developing data privacy protection toolkits that agencies can use to promote data protection while not limiting its use. Furthermore, DPPCC has been collaborating with agencies to co-create solutions to strengthen data privacy and key system protection. To reduce the risk of data exposure, these solutions include dataset segregation and stringent encryption standards.
Likewise, the government recognises that it is impossible to eliminate data incidents, but we must have the expertise and capability to respond quickly when they occur. The government held the first central ICT and Data Incident Management exercises in September 2021 to ensure that the public sector is prepared to respond to data incidents at the WOG level. 33 agencies from five Ministries participated in the exercises.
Developing the public sector’s capabilities and instincts in data management and security is an ongoing process. Since May 20, 2021, the government has launched a series of engagement campaigns and workshops aimed at all government employees. These campaigns and workshops are intended to raise officers’ awareness of the importance of using data securely and to educate them on how to do so in their daily work.
Meanwhile, OpenGov Asia earlier reported that the Personal Data Protection Commission (PDPC) and the Infocomm Media Development Authority (IMDA) have introduced the Privacy Enhancing Technologies (PET) Sandbox to support firms looking to prototype PET initiatives that address common business problems.
The goal of the PET Sandbox is to work with participants from the commercial sector to determine the appropriate PET to use for a given instance and their technological limits to generate guidelines and best practices that will promote more adoption. The PET sandbox will provide a safe environment and a testing ground for PET concepts to achieve this.
Overall, the government’s initiatives have helped to improve the data security posture of the public sector. Singapore will continue to strengthen its security efforts to protect both citizens’ and businesses’ data. The third update on the Government’s personal data protection efforts is available on the microsite “A Secure Smart Nation” (go.gov.sg/publicsector-data-security-review).