Parliament Sitting on 1 February 2021

QUESTION FOR WRITTEN ANSWER


47. Miss Cheryl Chan Wei Ling:
To ask the Minister for Communications and Information whether the Ministry will consider (i) legally requiring social media platforms to inform its users that their account has been hacked or that an attempt has been made (ii) providing a channel for companies to report such acts and (iii) legally requiring social media platforms to maintain an office to respond to reports filed by the victims.

Answer:

1. Mitigating cybersecurity and data security risks on social media platforms is the collective responsibility of the Government, social media companies and individual users. 

2. Users, including companies, may file a report to the Police if their social media accounts have been hacked. Depending on the facts and circumstances of the case, the Police may commence investigation if an offence is disclosed under the Computer Misuse Act or other relevant laws. 

3. For significant data breaches, the Government has introduced further safeguards under the recently amended Personal Data Protection Act (PDPA). If the exfiltration of personal data arising from the hacking of social media accounts results in significant harm to the users, the organisation responsible for this platform must notify both the Personal Data Protection Commission and affected individuals. In addition, the PDPA requires all organisations, including social media companies, to appoint a Data Protection Officer whose role includes responding to public enquires and complaints.

4. The major social media platforms also provide a channel for users to report to them suspected hacking incidents. Actions that could be taken by the platforms include removing suspicious messages from hacked accounts and assisting affected users in recovering their accounts. In addition, these platforms have mechanisms to notify users of unusual attempts to log into their accounts. All social media platforms should consider putting in place such measures, if they have not already done so.

5. Users of social media platforms should also take steps to protect themselves. They should immediately change their password and notify their contacts, if they realise or suspect that their accounts have been hacked. This way, their contacts could take the necessary precautions, such as not clicking on messages or posts which may contain malware or phishing links. To keep their online accounts secure, users are strongly encouraged to practise good cyber hygiene at all times. For example, they should set strong passwords, use a unique password for each account, and activate two-factor authentication.

6. The Government is committed to working with all stakeholders to protect our citizens in the digital space, and will continue to review our laws and other measures to do so. 

 
Opening Speech by Mrs Josephine Teo, Minister for Communications and Information, at the Official Opening of the National Integrated Centre for Evaluation, on 18 May 2022 Speeches Cyber Security 18 May 22
Speech by Dr Janil Puthucheary, Senior Minister of State for Communications and Information, at the MOU Signing between Singapore Women in Tech and Polytechnics and launch of Cross-Polytechnic Girls in Tech Committee, on 13 May 2022 Speeches Infocomm Media 13 May 22
Opening Address by Dr Janil Puthucheary, Senior Minister of State for Communications and Information, at Inaugural Association of Information Security Professionals (AISP) Internet-of-Things (IOT) Innovation Day 2022 Speeches Infocomm Media 11 May 22
MCI response to PQ on Tracking of Local Companies which Experienced Cyber Attacks over Past Two Years and Measure to Equip Companies with Capabilities to Enhance Cyber Resilience Parliament QAs Cyber Security 09 May 22
MCI response to PQ on Annual Projected Growth of Freelancers in Infocomms Technology and Media Industries from 2022 to 2025 Parliament QAs Infocomm Media 09 May 22
MCI response to PQ on Number of Overseas Scam Calls Reported in 2021 and 2022 and Viability of Call Blocking Option for Users Parliament QAs Cyber Security 09 May 22