Call for data protection rules to apply to public sector

This article was published in The Straits Times on August 1, 2018

Technology leaders’ pitch at international meeting comes amid growing cyber threats


The call has grown louder for the public sector to be bound by the same personal data protection laws that apply to the private sector as governments transform themselves digitally, said technology leaders at an international meeting in Estonia. It comes on the heels of heightened cyber security threats, including Singapore disclosing last month that it was hit by the worst cyber attack that compromised the personal data of 1.5 million SingHealth patients.

Mr Ramesh Narayanaswamy, chief technology and operations officer at Malaysia’s banking giant CIMB Group, asked at a Smart Nation panel discussion on Monday whether governments should continue to exclude themselves from personal data protection laws amid increasing digitalisation.

He argued that governments have to be accountable for massive amounts of citizen data, especially when a cyber breach occurs.

Mr Ramesh, who was chief information officer of Singapore postal services firm SingPost before joining CIMB last year, was speaking at the ConnectGov Leaders Summit organised by Singapore-based think-tank CIO Academy Asia.

His comments drew nods from the audience of about 100 technology leaders from Singapore, Hong Kong, Malaysia, Thailand, Japan, Indonesia and Estonia.

Among the panellists was Mr Siim Sikkut, government chief information officer of Estonia, who said: “There is no reason why the public sector should be exempt.” In fact, the public sector should be held to a higher standard in data protection, he said, noting the European Union’s General Data Protection Regulation (GDPR), which kicked in on May 25, has equalised the requirements for both the private and public sectors in Europe. “We want to ensure trust. If we have trust, we have the users and all the efficiencies and benefits.”

GDPR requirements are considered the gold standard for data privacy, trumping even the US where there are no federal laws governing data breaches. Each US state has its own sector-specific laws to govern breaches and loss of customers’ personal data.

BUILDING UP CAPABILITY

For many years the Government has outsourced IT projects, but today we are building capabilities in infrastructure, data science… and cyber security so that we have the indigenous capability within the (public) organisation.

MS LIM BEE KWAN of GovTech, on involvement in Smart Nation projects.

WINNING TRUST

Consumers and citizens ought to be given the control over their personal data, and this will instil the necessary trust required for digital initiatives.

MR GAURAV SACHDEVA, Singapore Press Holdings’ chief product officer, on control over personal data.

The GDPR is also stricter than Singapore’s Personal Data Protection Act (PDPA), which was implemented in July 2014. For instance, GDPR gives consumers the right to ask for their personal data to be erased. This does not exist in the PDPA. Also, the GDPR fine on companies is up to 4 per cent of their annual global turnover or €20 million (S$32 million) for breach of rules. The maximum PDPA fine is $1 million. Another key difference is that Singapore’s public sector is governed by a different set of rules, which has not been made public.

Mr Ilias Chantzos, senior director of cyber security specialist Symantec’s Government Affairs programmes for Europe, Middle East and Africa as well as Asia-Pacific and Japan regions, said cyber security readiness goes hand in hand with privacy rules. “Should privacy legislations bind the government? In Europe the answer is yes,” he said.

Thailand’s Dr Sak Segkhoonthod, president and chief executive of its Digital Government Development Agency,said getting his Prime Minister’s endorsement for Smart Nation projects is key to success. For 20 years, digital projects made little headway.

“We changed in six months after we came under the Prime Minister’s office,” he said, adding that a national digital identity project is under way for all citizens to transact online with public-and private-sector organisations.

Singapore’s Ms Lim Bee Kwan, assistant chief executive of Governance and Cybersecurity at GovTech, the agency in charge of digital transformation of the public sector, said public servants must also be involved in the nuts and bolts of Smart Nation projects.

“For many years the Government has outsourced IT projects, but today we are building capabilities in infrastructure, data science… and cyber security so that we have the indigenous capability within the (public) organisation,” said Ms Lim.

Singapore Press Holdings’ chief product officer Gaurav Sachdeva took part in a panel discussion on coping with fast-changing technologies at the two-day meeting, which ended yesterday. He told The Straits Times: “Consumers and citizens ought to be given the control over their personal data, and this will instil the necessary trust required for digital initiatives.”


Written by : Irene Tham
Original article can be found here

Tags

Share this post:

Responses

Your email address will not be published. Required fields are marked *

Category
Lorem ipsum dolor sit amet, consectetur adipiscing elit eiusmod tempor ncididunt ut labore et dolore magna

SPARK brings together a community of technology and business leaders from across Asia.