News

SINGAPORE – Incidents of data leaks within the public sector rose by 10 per cent to 201 cases in 2023, likely due to the increase in digital services, said the Ministry of Digital Development and Information (MDDI) on July 30. Most of the incidents – 172 of them – were of low severity and had minimal impact on agencies, individuals or businesses, said MDDI in its annual report on the Government’s Personal Data Protection Efforts. Such cases have been steadily rising since 2021, when 126 low severity incidents were recorded. Medium severity incidents, defined as those that pose minor inconveniences to those affected, fell to 29 cases in 2023, compared to . This is partly due to a progressive roll-out of security measures and more awareness on data security within the public sector, said MDDI. For the fourth year running, there have been no reported incidents classified as high, severe or very severe. These incidents refer to those that damage national security or the public’s confidence, or resulting in financial or emotional damage, or even death or serious injury. Only two incidents classified as severe have been reported to date, both in 2018. The , and without permission. The annual report, detailing the number of data incidents and measures taken by the authorities to enhance security, is a key initiative of the Public Sector Data Security Review Committee to promote accountability and transparency. The committee was formed in 2019 after a spate of high-profile cyber-security breaches, including Singapore’s worst data breach involving 1.5 million SingHealth patients’ data in June 2018. MDDI said public sector organisations have fully implemented all 24 initiatives recommended by the committee between 2020 and 2024. The recommendations include enhancing cyber-security measures, processes to detect and respond to data incidents effectively, and raising awareness in safeguarding data. Since March, government user accounts that are no longer needed are automatically removed as part of a Central Accounts Management system, built to reduce the risk of unauthorised access by former officers or exploitation by malicious actors. Public officers have access to a Central Privacy Toolkit (Cloak) which anonymises datasets and helps generate mock data to help with sharing information within agencies or to train artificial intelligence (AI) without risking personal information. The privacy-enhancing tool has anonymised 20 million documents and supported more than 20 generative AI use cases in the Government, said MDDI. All public officers are also required to attend data security e-learning modules, which were refreshed in February to incorporate lessons on new technologies, like how to handle data when using government AI large language models. MDDI will continue to scout for new capabilities to strengthen its data security measures and review its policies and initiatives to keep them up to date.