Parliament Sitting on 10 January 2022

QUESTION FOR WRITTEN ANSWER


53. Ms Joan Pereira: To ask the Minister for Communications and Information what measures are in place to ensure that companies which engage third- or fourth-party IT vendors select those that are licensed and certified by the Ministry so as to minimise the risk of data breaches and leaks.

Answer:

1. The Personal Data Protection Act (“PDPA”) obliges all companies to protect the personal data they manage or process. 

2. The government has put in place trustmark certifications to help companies better identify IT vendors with strong data and cyber security practices. The Data Protection Trustmark (“DPTM”), overseen by the Infocomm Media Development Authority (“IMDA”) recognises companies with sound policies and practices to protect the personal data they manage, and use it responsibly.  IMDA’s DPTM covers more than 66 million personal data records held by 76 companies. This includes over 16 million records held by 30 companies certified from the ICT sector. Additionally, the Cyber Security Agency will launch the SG Cyber Safe Trustmark later this year to recognise companies with sound cybersecurity practices. 

3. While companies are not required to engage certified vendors, we strongly encourage it. To further aid companies, the Personal Data Protection Commission (“PDPC”) has issued guidelines to help them evaluate the data protection policies and practices of potential IT vendors, enabling companies to make more informed choices. 

4. To enhance the security posture of companies and IT vendors, the Government has put in place measures such as regular cybersecurity advisories via SingCERT to help businesses mitigate cybersecurity risks expeditiously. 
Speech by Mrs Josephine Teo, Minister of Communications and Information, at the Global Technology Summit on 1 December 2022 Speeches Personal Data, Others, Cyber Security 01 Dec 22
MCI Response to PQ on Collection of NRIC and Personally Identifiable Information by Security Officers at Commercial and Private Residential Facilities Parliament QAs Personal Data, Others 30 Nov 22
MCI Response to PQ on Measures in Place to Safeguard Privacy and Data of Users against Illegal Tracking by Tech Companies Parliament QAs Personal Data 28 Nov 22
MCI Response to PQ on Publishing Unedited Submissions from Individuals and Industry Players in Public Consultations on Proposed Legislation Parliament QAs Others, Public Comms, Personal Data 28 Nov 22
Speech by Mr Tan Kiat How, Senior Minister of State, Ministry of Communications and Information, at SGTech Global Future Series: Digital Trust Forum on 28 October 2022 Speeches Infocomm Media, Personal Data 28 Oct 22
Speech by Mrs Josephine Teo, Minister for Communications and Information, at The Singapore Computer Society (SCS) Tech3 Forum on 26 Aug 2022 Speeches Others, Cyber Security, Personal Data 26 Aug 22