Singapore officials to face tough new penalties for data breaches

Public servants in Singapore who disclose residents’ personal data without authorisation will face up to two years in jail or fines of up to S$5,000 (US$3,750) under new legislation.
The criminal penalties were introduced in the Public Sector (Governance) Bill, which was passed by the Singapore Parliament on Monday. The new law will also penalise officials who re-identify anonymised information without authority, or make use of publicly-held information for personal gain.
Public servants accused of breaching the legislation will be held guilty of an offence if they are found to have “knowingly” or “recklessly” disclosed or re-identified personal data without authorisation.
The legislation, which aims to standardise governance across Singapore’s 61 statutory public bodies, permits public agencies to share confidential information with each other when a government minister has issued a “data-sharing direction”.
When it’s good to share
Ong Ye Kung, education minister (higher education and skills), who is leading an innovation drive across the public sector, told legislators that the public service already shares data through programmes such as the MyInfo platform, which automatically fills out online application forms for government services when users log in, the Straits Times reported.
Anonymised data is shared between public agencies to improve policy analysis, formulation and planning, Ong said, citing the Education Ministry’s use of data on people’s education, family background, jobs and careers to understand the relationship between careers and education as an example.
Identifiable personal data is also shared when services, such as social assistance, needed to be better delivered to individuals.
“Cross-agency data-sharing initiatives are already happening today, because technology has made it possible,” Ong said. “But we need to strengthen the rules, which were written before we could envisage how we can leverage data to improve our work and deliver services better.”
Political oversight
Centralised agencies will be set up to ensure raw data was properly anonymised before being released to the relevant public bodies for analysis, he said.
The legislation empowers ministers to give directions to public sector agencies on how they perform their functions, subject to statutory consultation requirements, and to comply with government policy.
It also establishes standardised requirements for public sector bodies on financial reporting and auditing, declaration of interests, and the appointment or removal of chief executives, for which approval from the Public Service Commission and the relevant minister is mandatory.

Ong Ye Kung, Singapore’s education minister (higher education and skills), who leads the city-state’s public service innovation drive (Image courtesy: Mascotbob).
A qualified welcome
“This Bill is an attempt to entrench the relationships of accountability and demarcate out-of-bounds markers for ministers vis-à-vis the public sector agencies,” said Workers Party MP Sylvia Lim, as reported by Channel News Asia.
“That is certainly a good thing. The Workers Party welcomes this development after nearly 60 years under the same ruling party. Nevertheless… I have some doubts and concerns about how the Bill will be operationalised and what appear to be gaps that may allow the Bill’s intentions to be circumvented.”
Lim said that Clause 11, which deals with the limits on ministerial direction, is “all important” but appears to be easy to circumvent.
The 61 bodies that are subject to the legislation include the Civil Service College, the Intellectual Property Office of Singapore, the Civil Aviation Authority, Nanyang Polytechnic, The Singapore Medical Council, and the National Council of Social Service.