Parliament Sitting on 12 February 2019

QUESTION FOR ORAL ANSWER


*12. Ms Sylvia Lim: To ask the Minister for Communications and Information given the gravity of data protection breaches in the public sector, whether the Personal Data Protection Act should be amended to remove the exemptions for public agencies. 

Answer:

The Personal Data Protection Act (PDPA) came into force in 2012.  With the gathering pace of digitalisation, we recognised the need to strengthen data protection in the private sector.  The PDPA establishes a baseline standard for data protection in the private sector, balanced against its need to use personal data for reasonable purposes.    

2. On its part, the Government has always taken seriously its responsibility to protect the data entrusted to the public sector, and we continue to strengthen our data governance policies.  Since 2001, the Government Instruction Manuals already include measures to govern the use, retention, sharing and security of personal data among public agencies.  In 2018, the Public Sector (Governance) Act (PSGA) was introduced and it provided for additional safeguards for personal data in the public sector, including criminalising the misuse of data by public servants.  The data protection standards in the PSGA are also aligned with the PDPA.

3. In addition, data collected by the public sector is also protected by specific legislation such as the Official Secrets Act, the Income Tax Act, the Infectious Diseases Act and the Statistics Act.  Collectively, these laws impose a high standard of responsibility on all public agencies, with additional requirements for the protection of sensitive or confidential data.  Also, regular, mandatory audits are conducted to ensure that public agencies comply with the standards for data protection and the security of ICT systems.

4. The PSGA allows personal data to be managed as a common resource within the public sector for better public policy making and more responsive public services.  For example, when a Singaporean applies for financial assistance at a Social Service Office, the front-line officers are able to quickly evaluate his or her eligibility for financial assistance because they have access to data from other relevant agencies.  In this way, we minimise the documents that need to be submitted by the applicant and improve the delivery of public services.  In contrast, each private sector organisation is expected to be individually accountable for the personal data in its possession, and there is no expectation of a similar integrated delivery of services across different commercial organisations.  

5. Because of these important differences, we need and have adopted different approaches to the protection of personal data in the public and private sectors.  That is also why the PDPA applies only to the private sector, while the PSGA and other legislation govern data protection in the public sector.  We will regularly review the PDPA, the PSGA and other legislation to ensure that they remain relevant and effective in safeguarding personal data in both the public and private sectors.
 
Speech by Dr Janil Puthucheary, Senior Minister of State, Ministry of Communications and Information, at the MCI Committee of Supply Debate 2020 on 3 Mar 2020 Parliament QAs, Speeches Cyber Security, Infocomm Media, Personal Data 03 Mar 20
Speech by Mr S Iswaran, Minister for Communications and Information, at the MCI Committee of Supply Debate 2020 on 3 Mar 2020 Parliament QAs, Speeches Cyber Security, Infocomm Media, Libraries, Personal Data 03 Mar 20
MCI's response to PQ on the work of the Advisory Council on the Ethical Use of AI and Data Parliament QAs Personal Data 03 Feb 20
MCI's response to PQ on personal data lost due to hacking Parliament QAs Personal Data 06 Jan 20
MCI's response to PQ on Do Not Call Registry Parliament QAs Personal Data 07 Oct 19
Opening Remarks by Mr S Iswaran, Minister for Communications and Information, at the 7th Personal Data Protection Seminar on 17 July 2019 Speeches Personal Data 17 Jul 19