First Tranche Of Public Sector Data Security Review Recommendations Implemented

30 APR 2020

First Tranche Of Public Sector Data Security Review Recommendations Implemented

30 Apr 2020

  • Launch of microsite on Government’s approach to data security

  • New central platform for public to report Government data incidents

The first tranche of recommendations from the Public Sector Data Security Review Committee (“the Committee”) has been implemented on schedule. This includes the launch of a microsite for the public to access information on the Government’s data security policies and measures, and a new central platform for members of the public to report data incidents related to Government agencies.

In November 2019, the Committee submitted its recommendations to improve public sector data security, following a comprehensive review of data security policies and practices across the public sector. The Government accepted the Committee’s recommendations and is implementing them in phases to strengthen its data security regime.

Progress of Implementation

The first tranche of measures that have been implemented will improve accountability and transparency of the public sector data security regime, and enhance the Government’s effectiveness in responding to incidents promptly, and notifying affected individuals in the event of a data incident.

Technical and process measures to enhance the protection of data, and to prevent the incidence of data compromise are being progressively implemented. We are on schedule to meet the target set in the Report of implementing the relevant measures in 80% of Government systems by end 2021, and in the remaining 20% of systems by end 2023. (Please refer to Annex for the implementation timeline of the Public Sector Data Security Review Committee Recommendations)

Launch of public microsite on Government’s approach to data security

A new microsite setting out the Government’s approach to data security has been launched on the Smart Nation website Go.gov.sg/SecureSmartNation. This aims to provide the public with a better understanding of the Government’s approach to personal data protection, and the measures put in place to protect personal data.

The Government is committed to ensuring the security of data that is entrusted to it by the public. The Government will also ensure that all public officers handling data do so in accordance with the stringent data security standards put in place. Annual reports highlighting the Government’s efforts to continually improve on these standards will be made available to the public on the microsite.

Launch of central platform for public to report Government data incidents

Members of the public can now report incidents involving any unauthorised disclosure or compromise of Government data to a central platform. This is part of the Government’s ongoing efforts to work with the community to identify and address security gaps, and to help secure Government ICT systems, digital services and data. This is in addition to the Vulnerability Disclosure Programme and Bug Bounty Programme, in which members of the public and white hats can help to identify vulnerabilities in Government web-based and mobile applications. With this initiative, the public can work with Government agencies to strengthen the overall public sector data security regime.

The public can report data incidents in the following ways:

The Smart Nation and Digital Government Group will work with the public and the relevant public sector agency or agencies involved to investigate the suspected data incident, and take remedial steps to address any confirmed data incident in a timely manner.

Resources:

Implementation Timeline of the Public Sector Data Security Review Committee Recommendations (pdf - 280kb)

For media queries, please contact:

Goh Yu Chong
Senior Manager, Adoption and Engagement Directorate
Smart Nation and Digital Government Office, Prime Minister’s Office, Singapore
Mobile: +65 9644 1674
Email: goh_yu_chong@pmo.gov.sg