Government Accepts Recommendations of the Public Sector Data Security Review Committee

In his reply to the Committee, Prime Minister Lee Hsien Loong said that the Government accepts all the recommendations by the Public Sector Data Security Review Committee (“the Committee”) to secure and use data and digital solutions to deliver better services and policies for Singaporeans.

PM Lee, in his letter to the Committee accepting the recommendations said, “Data is the lifeblood of the digital economy and a digital government. We need to use and share data as fully as possible to provide better public services. In doing so, we must also protect the security of the data and preserve the privacy of individuals, and yet not stifle digital innovation. This is especially so in healthcare, but it is true of every other field of government too.

PM Lee also said that,“As the custodian of a vast amount of data, the Government takes this responsibility very seriously. We must do our utmost to minimise the risk of data breaches. At the same time, when such breaches do occur, it is essential that we detect them quickly, and respond effectively to limit the breach and minimise the harm done.”

Implementation Plan

The Government agrees with the Committee that these recommendations should be implemented as soon as practicable. The Government has already implemented three baseline technical measures in October 2019 to strengthen data security standards across the public sector. By end 2021, we target to implement the recommended technical measures in 80% of Government systems; and by end 2023, we target to implement these measures in the remaining 20% of Government systems.

The Digital Government Executive Committee, an existing committee chaired by the Permanent Secretary of the Smart Nation and Digital Government Office, will be appointed as the Whole-of-Government body to oversee public sector data security and drive the implementation of the Committee’s recommendations.

The Government Data Security Unit will also be set up in the Government Data Office to drive data security efforts across the Government. Capabilities in data protection and privacy preservation technologies will be built within GovTech’s Capability Centres, to deepen the Government’s expertise in these areas.

Conclusion

These recommendations, when implemented, will significantly improve the Government’s public sector data security regime; help establish a culture of excellence in data security within the Government; and enable the public sector to use data well to serve the public better. The Government will continually review its data security regime to adopt best practices and techniques, and meet future threats.

****