Appointment of Public Sector Data Security Review Committee

The Prime Minister has convened a Public Sector Data Security Review Committee (“the Committee”) to conduct a comprehensive review of data security practices across the entire Public Service. This includes measures and processes related to the collection and protection of citizens’ personal data by public sector agencies, as well as by vendors who handle personal data on behalf of the Government.

2. This Committee will be chaired by Deputy Prime Minister and Coordinating Minister for National Security, Mr Teo Chee Hean. Mr Teo Chee Hean is also the Minister-in-charge of Public Sector Data Governance. The Committee will include private sector representatives with expertise in data security and technology, as well as Ministers involved in Singapore’s Smart Nation efforts – Dr Vivian Balakrishnan, Mr S Iswaran, Mr Chan Chun Sing, and Dr Janil Puthucheary.

3. The Committee will:

• Review how the Government is securing and protecting citizens’ data from end-to-end, including the role of vendors and other authorised third parties;
• Recommend technical measures, processes and capabilities to improve the government’s protection of citizens’ data, and response to incidents; and
• Develop an action plan of immediate steps and longer term measures to implement the recommendations

4. In the course of its work, the Committee will consult with international experts and industry professionals, from both the private and public sectors. The Committee will also be supported by an inter-agency taskforce formed by public officers across the Whole-of-Government.

Data security in the public sector

5. Over the years, the Government has progressively enhanced security measures to safeguard sensitive data. These included the Internet Surfing Separation policy in 2016 and the disabling of USB ports from being accessed by unauthorised devices in 2017.  The Government has also increased the number and types of internal IT audits, to check on agencies’ data access and data protection measures. In 2018, we introduced measures to detect and respond more quickly to cyber threats that target critical government databases.

6. Nevertheless, the Government acknowledges that recent data-related incidents have underlined the urgency to strengthen data security policies and practices in the public sector. While individual agencies are investigating and taking action on the specific incidents, this Committee will undertake a comprehensive review and incorporate industry and global best practices to strengthen data security across the public sector.

7. This review will help to ensure that all public sector agencies maintain the highest standards of data governance. This is essential to uphold public confidence and deliver a high quality of public service to our citizens through the use of data. The work of this Committee will complement our efforts to achieve our Smart Nation vision.

8. The Public Sector Data Security Review Committee will submit its findings and recommendations to the Prime Minister by 30 November 2019.

PRIME MINISTER’S OFFICE
31 MARCH 2019