3 days ago
Singapore moves to tighten public sector data-sharing rules after SingHealth attack
SINGAPORE, Aug 15 — Singapore is moving to strengthen its Public Sector Governance Act (PSGA) to ensure tighter control over how public agencies share data with external partners.
The amendments will enable public sector agencies to authorise an external partner to receive data that is required for the services they are delivering on behalf of the public sector, The Straits Times reported today.
The minister of the public sector agency, or a qualified person appointed by such minister, must authorise the data sharing.
PSGA was designed to provide a clear legal basis for data sharing across the public sector and details data protection and data sharing requirements for public agencies.
In some instances, standards for public agencies are more stringent than the Personal Data Protection Act (PDPA), which applies to the private sector.
As an example, the Singapore daily said the PSGA imposes criminal penalties on individual public officers who flout rules.
These safeguards were tightened after Singapore's worst cyber attack in June 2018, when hackers stole the personal data of 1.5 million SingHealth patients and the outpatient prescription information of 160,000 people, including then prime minister Lee Hsien Loong.
The Straits Times reported that in 2018, 14,200 patients from the Ministry of Health's HIV registry had their confidential data leaked, and 223 State Courts case files were accessed without authorisation due to a system vulnerability.
Under the proposed changes, individuals with external parties who misuse shared data may be subject to the same level of penalties as public officers under the PSGA.
'The Government takes seriously its responsibility to protect the data entrusted to the public sector, and will continue to ensure robust data governance, as it seeks to achieve greater public value from the use of data,' said MDDI.
The deadline for public feedback on the proposed changes, accepted at this website is 5pm on September 2.
