Getting your Trinity Audio player ready...
|
In response to critical questions about the collection and protection of biometric data by private entities, Singapore’s Minister for Digital Development and Information outlined measures to prevent the misuse and resale of this sensitive information, while highlighting the regulatory frameworks established to mitigate associated risks.
The minister clarified that the Personal Data Protection Act (PDPA) governs the collection, use, and care of personal data, including biometric data, by organisations in Singapore. Biometric data, which includes physiological and behavioural traits unique to individuals, is particularly sensitive as it cannot be altered once compromised.
Given the heightened risk of misuse by malicious actors, organisations handling such data are required to implement robust security measures and obtain informed consent from consumers before collecting any personal information.
The minister emphasised that the Personal Data Protection Commission (PDPC) has been actively engaging with Worldcoin to ensure they comply with PDPA obligations. The PDPC closely monitors the collection and use of personal and biometric data, and it has the authority to enforce actions against organisations that violate data protection laws. To help guide organisations, the PDPC has issued a Guide on Responsible Use of Biometric Data in Security Applications, outlining best practices for safeguarding biometric information.
Addressing the risk of fraud and scams arising from the misuse of biometric data, the government has put regulatory frameworks in place to monitor private entities and ensure compliance with existing data protection laws. The PDPC collaborates with international counterparts to maintain a cohesive and robust global approach to managing risks related to biometric data technologies.
Educational outreach efforts, such as the annual Personal Data Protection Week, aim to raise public awareness about the potential risks of sharing biometric data and the importance of understanding how personal information will be used before giving consent.
Ultimately, individuals must exercise caution and be fully informed about how their biometric data will be handled to mitigate risks associated with its misuse.
OpenGov Asia reported that the Singapore Government’s fifth annual report on public sector data security for the fiscal year 2023 highlights significant progress, including the successful implementation of all 24 recommendations from the 2019 Public Sector Data Security Review Committee (PSDSRC).
In FY2023, 201 data incidents were reported, an increase from 182 in FY2022, mainly attributed to the growth in digital services and improved incident reporting by public officers. Despite the rise, most incidents were of low severity, with no high-severity cases for the fourth consecutive year.
Key measures introduced include the expansion of the Central Privacy Toolkit (Cloak), the deployment of automation tools to enhance security, and improved public service competencies through incident management exercises and educational initiatives.
The government continues to keep data security at the centre, governed by the Public Sector (Governance) Act and supported by the Government’s Infocomm Technology management policies.
Minister Josephine Teo highlighted the increasing need to balance data protection with technological innovation, particularly in artificial intelligence, during her address at Personal Data Protection Week. As AI technologies like Generative AI and large language models (LLMs) reshape industries, robust data governance is essential, especially as data scarcity challenges model accuracy and bias mitigation.
Singapore is addressing these challenges through the Model AI Governance Framework, which provides guidelines for responsible AI development, focusing on transparency, testing, and cybersecurity risks. The AI Verify framework promotes clear disclosures and rigorous testing of Generative AI models, while Privacy-Enhancing Technologies (PETs) safeguard sensitive data and support AI advancements.
By prioritising trust, transparency, and collaboration, Singapore is establishing a global standard for data collection, usage, and protection, ensuring societal benefits while safeguarding individual rights and national security.