Change in law proposed to pave the way for public-private sector data sharing

Changes to existing laws have been proposed to pave the way for public agencies to share data that may involve individuals or businesses with the private sector.

The authorities are also considering imposing criminal penalties on individuals from the private sector if they were found to have abused the data shared with them when working with the Government.

This proposed update to the Public Sector Governance Act (PSGA), first rolled out in 2018 to hold public servants accountable, is being discussed in a public consultation slated to end on Sept 2.

“The amendments aim to enhance the use of data to deliver better services to Singaporeans,” said the Ministry of Digital Development and Information (MDDI) in its consultation paper published on Aug 12.

The proposed amendments aim to provide more clarity on data sharing between the public and private sector.

This comes as the Government increasingly works with community groups and the private sector to deliver services to the public, and may need to share government data sets involving individuals or businesses, facts and statistics with external parties, said MDDI.

For example, to help community organisations deliver social assistance to Singaporeans in need, or provide health-related support to the elderly, the public sector may need to share with them timely and accurate lists of eligible individuals, along with their contact and eligibility details.

Likewise, trade associations require insights into the needs of businesses so that they can better tailor support schemes for small and medium enterprises, the ministry added.

With the proposed changes to the PGSA, the law would provide a clear legal basis for public sector agencies to share data with authorised external partners.

The amendments will enable public sector agencies to authorise an external partner to receive data that is required for the services they are delivering on behalf of the public sector.

The minister of the public sector agency, or a qualified person appointed by such minister, must authorise the data sharing.

PSGA was designed to provide a clear legal basis for data sharing across the public sector. It details data protection and data sharing requirements for public agencies.

In some instances, standards for public agencies are more stringent than the Personal Data Protection Act (PDPA), which applies to the private sector. For example, the PSGA imposes criminal penalties on individual public officers who flout rules.

The PSGA was tightened following Singapore’s worst cyber attack in June 2018, when hackers stole the personal data of 1.5 million SingHealth patients and the outpatient prescription information of 160,000 people, including then Prime Minister Lee Hsien Loong.

Also in 2018, there were two other severe data leaks in the public sector. One involved the unauthorised disclosure of the confidential data of 14,200 patients from the Ministry of Health’s HIV registry. The second involved the unauthorised access of 223 case files due to a vulnerability in the State Courts’ online system.

Under the proposed changes, individuals with external parties who misuse shared data may be subject to the same level of penalties as public officers under the PSGA.

The PSGA criminalises the acts of unauthorised disclosure of data, misuse of data and the re-identification of individuals from anonymised data. Public officers found guilty of these offences can be fined up to $5,000 and can face a jail term of up to two years.

In addition, the PDPA obligations and penalties will continue to apply for these external partners.

Separately, MDDI proposed to amend the PSGA to clarify that public agencies may use internally the data that they are allowed to share with other public agencies.

“The Government takes seriously its responsibility to protect the data entrusted to the public sector, and will continue to ensure robust data governance, as it seeks to achieve greater public value from the use of data,” said MDDI.

The public has till 5pm on Sept 2 to submit their feedback on the proposed changes via https://go.gov.sg/feedbackpsga2025

The Straits Times has reached out to MDDI for comment.

Source: The Straits Times © SPH Media Limited. Permission required for reproduction.

Over 100 people under investigation for vape offences, say MOH and HSA