Progress Update On Public Sector Data Security Review

Progress Update On Public Sector Data Security Review

15 Jul 2019

a) The Government reaffirms the importance of data security.

b) The Committee is seeking the views of industry and global experts to recommend a slate of technical, process and people measures to strengthen data safeguards.

c) In the interim, the Government will be deploying several technical measures to strengthen data safeguards.

Background

The Prime Minister convened the Public Sector Data Security Review Committee (“the Committee”) to review how the Government secures and protects citizens’ data. The Committee, chaired by Senior Minister and Coordinating Minister for National Security, Mr Teo Chee Hean, was formed on 1 Apr 2019. The Committee has met twice, and will submit its report to the Prime Minister by 30 Nov 2019. This provides a progress update of the Committee’s work in the interim.

The Committee took as its key guiding principle the utmost importance that the Government places on its duty to use citizens’ data responsibly and securely. Public trust in the responsible use of data is fundamental to our Smart Nation ambitions to improve our society and economy through digital transformation.

Review and Stocktake

The Committee is completing a comprehensive review of the public sector data security regime. This includes a government-wide stock take of data management practices, and in-depth inspections of key IT systems. It has sought the views of leading industry experts to develop a suite of measures to improve public sector data security.

The current security regime has strong fundamentals. However, there is a need to strengthen our data security regime for the future. This is in view of the increasing complexity of our systems, the greater demand for the use of data to provide convenient digital services to the public, and the need to use data for better policy making. The range of threats to data security has also increased. The Committee and industry experts recognise that a holistic set of Technical, Process and People measures will be required.

Technical

Technical measures are digital solutions and IT tools to improve the Government’s capability to protect citizens’ data. The Government agrees with the Committee’s interim recommendation to immediately deploy several readily implementable measures for existing systems and as well as in new systems to strengthen data security standards across the public sector. These measures will result in: (a) data integrity being checked to ensure that there are no malicious modifications to data in transit; (b) the automated detection of sensitive data content within emails; and (c) enhanced encryption requirements for files. We will also specifically undertake further measures to address and strengthen access controls. These, as well as several other medium term technical measures, will be detailed in the final report.

Process

Process measures are procedures that enable agencies to protect against data security threats, and should incidents occur, detect and respond swiftly and effectively. The Committee is currently studying, and will recommend enhancements to data security rules and guidelines which are adapted from industry and global best practices. These include measures to better ensure high data protection standards by third parties that handle Government data. The Committee will also recommend methods to strengthen the Government’s response to data incidents, to contain the breach and minimise impact; as well as improve procedures to notify and assist members of the public who are affected by data security incidents.

People

People initiatives will enable public officers to be more competent and confident in using and safeguarding data, and maintaining public trust. The Committee is developing measures to raise data security capabilities and strengthen the data-security culture among public officers. This includes skills upgrading and initiatives to raise the level of data security awareness across the public service.

The full set of recommendations by the Committee will be presented to the Prime Minister in November 2019. The recommendations will enable the Government to secure and use data and digital solutions to deliver better services and policies for Singaporeans.

Issued on behalf of the Public Sector Data Security Review Committee Organising Secretariat

Enclosed:

Media Factsheet - Technical Measures (pdf - 810kb)

For media enquiries please contact:

Nasrath Hassan
Senior Assistant Director, Adoption and Engagement Directorate
Smart Nation and Digital Government Office, Prime Minister’s Office, Singapore
Mobile: 9001 0050
Email: Nasrath_HASSAN@pmo.gov.sg

Melvin Tai
Assistant Director, Adoption and Engagement Directorate
Smart Nation and Digital Government Office, Prime Minister’s Office, Singapore
Mobile: 9789 1824
Email: Melvin_TAI@pmo.gov.sg