Fourth Update on the Government's Personal Data Protection Efforts

31 JUL 2023

Fourth Update on the Government’s Personal Data Protection Efforts

31 July 2023

The Smart Nation and Digital Government Office (SNDGO) has published the fourth update on the Government’s personal data protection efforts. It details the Government’s efforts to strengthen the public sector data security regime between 1 April 2022 and 31 March 2023 (i.e. FY2022). This annual update was a key recommendation made by the Public Sector Data Security Review Committee (PSDSRC)¹ in November 2019, to enhance transparency on how the Government uses and secures citizen data.

Trends in Number of Government Data Incidents Reported

No Serious Data Incidents Over Last Three Years

There were 182 government data incidents in FY2022 as compared to 178 in FY2021. None of these incidents were assessed to be of high severity and above, nor posed any significant impact on the agency or affected individuals. Incidents of medium severity also decreased from 52 in FY2021 to 46 in FY2022.

The 2% increase in FY2022 data incidents is likely to be due to the acceleration of data-sharing amongst government agencies as we continue our digital transformation efforts in the public service. The low increase also reflects the improved awareness amongst public officers on the need to safeguard data and to report all data incidents.

Government’s Initiatives to Strengthen Data Security

Launch of the Whole-of-Government (WOG) Central Privacy Toolkit

In March 2023, the inaugural WOG Central Privacy Toolkit was launched. The toolkit is a self-service portal that allows public officers to apply privacy enhancing techniques to datasets while preserving the data’s value. This allows data to be shared within and outside of the public sector in a more rapid, confident, and secure manner, while mitigating the risk of data leaks that stem from sharing datasets. To date, the toolkit has been used by over 80 government agencies.

Progressive Roll-out of Remaining Technical Measures to Prevent Data Compromises

In FY2022, the Government completed the roll out of technical measures to enhance the logging and monitoring of data transactions to detect high-risk or suspicious activity. For instance, the WOG Data Loss Protection (DLP) tool has been deployed to all Government laptops in FY2022. This tool prevents the accidental loss or unauthorised disclosure of sensitive data from government networks, systems, and devices.

With this newly implemented initiative, 22 of the 24 initiatives from PSDSRC’s five key recommendations have been implemented as of 31 March 2023 (Please refer to Annex A for the timeline of recommendations). The Government will progressively deploy technical measures for the remaining two initiatives and is on track to complete all 24 initiatives by end-FY2023. For example, the Government will continue to strengthen account management and user access rights by onboarding the Central Account Management (CAM) solution to eligible Government IT systems. As of 1 April 2023, 63% of eligible Government IT systems have been onboarded to CAM.

Enhancing Competencies in Public Service

The Government recognises that it is not possible to eliminate data incidents entirely and remains committed to respond swiftly to data incidents. From August to September 2022, the Government conducted the annual central ICT and Data Incident Management exercise involving 24 agencies across five Ministries. The exercise enhanced the Government’s ability to provide a coordinated and effective response, and built its competency in responding to data incidents.

Enhancing public officers’ instincts and instilling a culture of excellence in using data securely is an ongoing effort. In FY2022, the Government continued to conduct a series of engagement campaigns and workshops on data protection for public officers. In February 2023, the annual mandatory Data Security e-learning module was also refreshed to emphasise the importance of personal data and data loss protection, and classification of Whole-of-Government data.

Overall, the Government’s initiatives have improved the public sector’s data security posture. The Government will continue to strengthen efforts to safeguard the data of both citizens and businesses. The full FY2022 report can be found on the “A Secure Smart Nation” microsite (go.gov.sg/public-sector-data-security-review).

Annexes

Annex A: Implementation Timeline of the Public Sector Data Security Review Committee Recommendations

For media queries, please contact:

Cristiano Peswani
Manager, Adoption and Engagement Directorate
Smart Nation and Digital Government Office, Prime Minister’s Office
Mobile: +65 9674 5524
Email: cristiano_peswani@pmo.gov.sg

Goh Yu Chong
Assistant Director, Adoption and Engagement Directorate
Smart Nation and Digital Government Office, Prime Minister’s Office
Mobile: +65 9644 1674
Email: goh_yu_chong@pmo.gov.sg

The Public Sector Data Security Review Committee (PSDSRC) made five key recommendations in 2019 to improve the Government’s data security regime. The Government accepted the Committee’s recommendations in full and committed to implementing them in phases from 2020 to 2023. ↩