Parliament Sitting on 10 January 2022

QUESTION FOR WRITTEN ANSWER


53. Ms Joan Pereira: To ask the Minister for Communications and Information what measures are in place to ensure that companies which engage third- or fourth-party IT vendors select those that are licensed and certified by the Ministry so as to minimise the risk of data breaches and leaks.

Answer:

1. The Personal Data Protection Act (“PDPA”) obliges all companies to protect the personal data they manage or process. 

2. The government has put in place trustmark certifications to help companies better identify IT vendors with strong data and cyber security practices. The Data Protection Trustmark (“DPTM”), overseen by the Infocomm Media Development Authority (“IMDA”) recognises companies with sound policies and practices to protect the personal data they manage, and use it responsibly.  IMDA’s DPTM covers more than 66 million personal data records held by 76 companies. This includes over 16 million records held by 30 companies certified from the ICT sector. Additionally, the Cyber Security Agency will launch the SG Cyber Safe Trustmark later this year to recognise companies with sound cybersecurity practices. 

3. While companies are not required to engage certified vendors, we strongly encourage it. To further aid companies, the Personal Data Protection Commission (“PDPC”) has issued guidelines to help them evaluate the data protection policies and practices of potential IT vendors, enabling companies to make more informed choices. 

4. To enhance the security posture of companies and IT vendors, the Government has put in place measures such as regular cybersecurity advisories via SingCERT to help businesses mitigate cybersecurity risks expeditiously. 
MCI response to PQ on Reasons for Recent Data Breach of Local Retail Website and Measures to Ensure Security and Protection of Customer Data Parliament QAs Personal Data, Cyber Security 04 Apr 22
Speech by Mrs Josephine Teo, Minister of Communications and Information, at the Ministry of Communications and Information Committee of Supply Debate on 4 March 2022 Speeches, Parliament QAs Public Comms, Personal Data, Libraries, Infocomm Media, Government Technology, Digital Readiness, Digital Defence, Cyber Security, Others 04 Mar 22
Building a Vibrant and Secure Digital Future, Together Press Releases Others, Cyber Security, Digital Defence, Digital Readiness, Government Technology, Infocomm Media, Libraries, Personal Data, Public Comms 04 Mar 22
MCI response to PQ on Cases of Unauthorised Sale of Personal Data Investigated by Personal Data Protection Commission in Past Five Years Parliament QAs Personal Data 10 Jan 22
MCI response to PQ on Measures in Place to Ensure Companies Engage Licensed and Certified Third- or Fourth-party IT vendors to Minimise Risk of Data Breaches and Leaks Parliament QAs Personal Data 10 Jan 22
MCI’s response to PQ on Plans to Increase Transparency and Accountability of Companies Providing and Purchasing Surveillance Advertising Parliament QAs Personal Data 01 Nov 21