In Parliament on Wednesday, February 13, Deputy Prime Minister Teo Chee Hean said that in the last three years, the Government made 41 police reports due to the loss of personal data by its agencies.
Nominated Member of Parliament Walter Theseira asked a question that centered around how often lapses that involve personal data have occurred in government agencies.
Data breaches of government agencies have been much in the news of late, especially with the information concerning the 14,200 HIV-positive patients in Singapore being leaked online by American Mikhy K Farrera Brochez, who had accessed information from the country’s HIV Registry illegally.
Theseira had specifically asked Prime Minister Lee Hsien Loong about the number of security incidents that involve Government personal data reported to either the Personal Data Protection Commission (PDPC) or the police from the years 2014 to 2018.
He then asked an additional question about what percentage of the cases were made known to the individuals affected in the security incidents, and what was the time duration until they were told about them.
DPM Teo answered for PM Lee, saying, “Loss of personal data by government agencies is reported to the police when there is suspected foul play, or when a physical asset such as a laptop is missing.”
Teo also made clear that the PDPC was not involved in these cases, since its not the Commission’s role to look into incidents related to the Government.
Out of the 41 cases Teo talked about, 7 people were told of the incident. For another four of the cases, the general public and the people involved were notified.
The Deputy Prime Minister also said an “average of three weeks” was the time duration for affected individuals to be involved.
However, he said this was done in a timely manner. “These reports have been made in a timely manner, with 80 per cent submitted on the same day as the discovery of the incident,” since three weeks was necessary to “identify the exact individuals affected and assess the extent of loss, to give an accurate report of the situation to the affected individuals and to recover or safeguard evidence for potential future prosecution.”
As for the rest of the incidents, DPM Teo said they concerned the loss of gadgets such as laptops, which did not compromise the data of any individual.
“Government laptops are protected by encryption and laptops that are reported lost will be immediately blocked from the Government network.”