SINGAPORE – The public sector reported 182 data incidents in the year up to March 31, up from 178 cases reported in the year before, as data sharing among agencies accelerated due to increased digitalisation.
More data incidents had been reported yearly since 2019, when 75 were logged, according to a report on the Government’s personal data protection efforts between April 2022 and March 2023 that was released by the Smart Nation and Digital Government Office (SNDGO) on Monday.
Data incidents are incidents involving the unintentional disclosure of data, such as a website data leak due to a system error, a cyber attack, or the sending of data to unintended recipients.
All incidents reported in finanical year (FY) 2022 were of low to medium severity, and there had been no high-severity incidents for three years, under the report’s five-tier classification system, which ranks data incidents in terms of impact from low to very severe.
High-severity incidents are those that can damage national security or public confidence, as well as affect businesses and cause emotional distress to individuals.
Of the cases in the year ended March 31, 136 were of low severity, meaning they had minimal impact on agencies, individuals and businesses.
There was a 12 per cent drop in medium-severity data incidents, with 46 reported.
These cases pose difficult or undesirable consequences for a public agency or minor inconvenience to the public.
Of the 182 cases in 2022, 70 were reported by members of the public through the Government Data Security Contact Centre portal, which was launched in April 2020 as a public reporting channel for data incidents.
Of these reports, 20 were classified as data incidents after investigation.
The authorities will improve awareness and measures among public officers to protect data, said SNDGO.
It did not provide any examples of the incidents reported.
The number of complaints made to the Personal Data Protection Commission on potential data breaches by private organisations also went down, dipping by 46 per cent to 3,600 reports in 2022, it said, adding that the drop was within expectations as Singapore emerges from the Covid-19 pandemic.
“The slight increase in financial year 2022 data incidents is likely due to the acceleration of data sharing amongst agencies as we return to normalcy post-Covid-19 and continue to push our digitalisation efforts,” said SNDGO.
“In addition to improving awareness amongst public officers on the need to safeguard data, technical measures to improve our data security posture will also be implemented.”
This is the fourth edition of the report after the Government was urged by the Public Sector Data Security Review Committee to publish annual updates on its data security efforts.
The committee was set up in 2019 to review how the authorities secure and protect citizens’ data, after a spate of cyber-security breaches, including Singapore’s worst data breach involving 1.5 million SingHealth patients’ data in June 2018.
The Government is on track to implement all 24 data-handling measures recommended by the review committee by the end of the financial year, including a process of minimising data collection and retention to reduce the impact of a potential attack.
It involves promptly removing access rights that have expired to prevent the data from being leaked.
As at April, 63 per cent of eligible government information technology systems have adopted this practice to reduce the risk of unauthorised data access by officers who have left their roles, and fraudulent entry from malicious actors.
