In November 2019, the Public Sector Data Security Review Committee submitted recommendations to improve public sector data security, following a comprehensive review of data security policies and practices across the public sector. The Government accepted the Committee’s recommendations and is implementing them in phases to strengthen its data security.
The first set of recommendations from the Public Sector Data Security Review Committee has been implemented as scheduled.
The government have launched a microsite for the public to access information on the Government’s data security policies and measures, and a new central platform for members of the public to report data incidents related to Government agencies.
The measures that have been put in place so far will improve accountability and transparency of the public sector data security plan, and enhance the Government’s effectiveness in responding to incidents promptly, and notifying affected individuals in the event of a data incident.
Technical and process measures to enhance the protection of data, and to prevent the incidence of data compromise are being implemented in stages.
We are on schedule to meet the target set in the Report of implementing the relevant measures in 80% of Government systems by end 2021, and in the remaining 20% of systems by end 2023.
Launch of public microsite on Government’s approach to data security
The new microsite sets out the Government’s approach to data security and has been launched on the Smart Nation website. It will provide the public with a better understanding of the Government’s approach to personal data protection, and the measures put in place to protect personal data.
The Government is committed to ensuring the security of data that is entrusted to it by the public. The Government will also ensure that all public officers handling data do so in accordance with the stringent data security standards put in place. Annual reports highlighting the Government’s efforts to continually improve on these standards will be made available to the public on the microsite.
Public now able to report Government data incidents
Members of the public can now report incidents involving any unauthorised disclosure or compromise of Government data to a central platform.
This is part of the Government’s ongoing efforts to work with the community to identify and address security gaps, and to help secure Government ICT systems, digital services and data.
This is in addition to the Vulnerability Disclosure Programme and Bug Bounty Programme, in which members of the public and white hats can help to identify vulnerabilities in Government web-based and mobile applications. With this initiative, the public can work with Government agencies to strengthen the overall public sector data security regime.
The public can report data incidents by completing the Government Data Incident Reporting Form on the Smart Nation website, emailing Report_Data_Incident@tech.gov.sg with details of the suspected data incident or alternatively calling the Government Data Security Contact Centre hotline at 6383 0117.
The Smart Nation and Digital Government Group will, with the public and the relevant public sector agencies involved to investigate any suspected data incident, take steps to address any confirmed data incident efficiently.