Universal security and privacy automation
Protect data and manage risk
Analyze conversational chat data
Reduce the time and cost to comply
Self-service without friction or delay
Align data protection and business use
Tailor access controls and data privacy
Flexible, consistent, scalable
Automate actionable compliance steps
Who we integrate with
Our professional services
Power responsible use
From clinical to commercial
Optimize data tests
Open new revenue streams
Realize the potential of the cloud
Protect data from misuse
Transform your data
Opinion and industry insights
An A to Z of the industry
The podcast for data leaders
The latest compliance news and advice
Press releases, awards, and more
Staying at the cutting edge
The team behind Privitar
A thriving partner ecosystem
Our story, values, and careers
Dedicated customer assistance
Jul 20, 2019
Governments worldwide are under twin pressures — not only to use their data to inform policies, make better decisions, and deliver improved public services for less, but also to meet the public’s expectation that they maintain the highest standards of data privacy and protection.
Meeting both objectives is difficult, and both public and private organizations have suffered the consequences of data exposure or data losses that have eroded the trust of their citizens and customers by failing to safeguard private, personal information.
Singapore is taking action. Following two major data breaches in the last year, the government has announced measures to reform data-protection standards across the public sector.
The technical measures are the first from a new Public Sector Data Security Review Committee convened by Prime Minister Lee Hsien Loong. The committee was formed after a spate of cyber-security breaches over the past year, including one involving the personal data of more than 800,000 blood donors accessed illegally and uploaded on an unauthorized server for more than two months.
Singapore’s 13 technical measures conform to a common definition of what is entailed for sensitive information as outlined in a new Information sensitivity framework, which will supplant the current practices by public agencies, many of which devised the practices themselves.
The 13 measures, which can be accessed in full here, are:
Data security is necessary, but insufficient for uncompromised data privacy.
For sure, all organizations need strong password protection, access controls, and the many other security measures most organizations have in place today. But many breaches, like the database breach that Singapore suffered, come from insiders, who have authorized access that takes them past the traditional perimeter security controls.
Privacy controls are what protect individual’s identity when their data is being accessed, whether by someone who is authorized to do so or not. So, if privacy controls are important, what are these controls, and what should governments and businesses be thinking about?
Ahead of the final report, the Singapore committee would do well to consider the following:
One example of an organization that has implemented many of these measures is the UK’s NHS Digital. NHS Digital uses comprehensive de-identification capabilities, central policy management, data watermarking, and other advanced privacy enhancing technologies. A key feature of the solution is the ability to allow for datasets to be linked without revealing the raw identifiers. Using partially homomorphic encryption ensures that datasets from different providers can be joined together by the central organization, but if the data is exposed it cannot be linked by any other party.
Data privacy engineering is a rapidly evolving field, as it needs to be to deal with the rapidly evolving threats and the enormous opportunities of the data age. That’s why it’s paramount to work with experts who understand what is possible today, and what will be coming tomorrow.
The approach the Singaporean Government is taking is correct, both with regard to the involvement of external experts in their committee and looking across the public sector to ensure consistency of standards.
Other countries will benefit by following Singapore’s lead before, rather than after, they suffer a major privacy incident.
Guy Cohen is a Strategy and Policy Lead at Privitar.
Sorry, no posts matched your criteria.
Our experts are ready to answer your questions and discuss how Privitar’s security and privacy solutions can fuel your efficiency, innovation, and business growth.