Public Sector Governance Act
Singapore
Data Governance
Definitions of Data:
“Information” is defined to include (a) any facts, statistics, instructions, concepts or other data in a form that is capable of being communicated, analysed or processed (whether by an individual or a computer or other automated methods); and (b) data sets.
Main Focus of Document:
To provide for a consistent governance framework across public bodies in Singapore and to support a whole-of-government approach to the delivery of services in the Singapore public sector.
Target Beneficiaries or Sectors:
N/A
Key Elements:
Key sections include: Directions for whole-of-government approach to data sharing 4.—(1) Subject to subsection (2), the Minister may, on the recommendation of the relevant Minister (if any), give or jointly give a direction, as the case may be — (a) to all Singapore public sector agencies; or (b) to a Singapore public sector agency or a class of Singapore public sector agencies specified in the direction, requiring the Singapore public sector agency or agencies concerned to comply with a policy of the Government (as amended from time to time, and with or without modifications) relating to all or any pertinent subject matter. (2) A direction under subsection (1) may be made only for all or any of the following purposes: (a) to uphold and promote the values of the Singapore public sector; (b) to secure economies or efficiencies for the Singapore public sector; (c) to improve (directly or indirectly) the efficiency or effectiveness of policies, programme management or service planning and delivery by Singapore public sector agencies (whether by carrying out data analytics work or otherwise); (d) to ensure business continuity; (e) to ensure accountable and prudent stewardship of Singapore public sector finances and resources; (f) to manage risks to the financial position of the Government; (g) to support a whole-of-government approach in the discharge of the Singapore public sector agencies’ functions.
Authority to share 6.—(1) Where a data sharing direction is given to a Singapore public sector agency — (a) the Singapore public sector agency and every officer of that agency; and (b) where the Singapore public sector agency is a public body, the members of the public body, are authorised to share the information under the control of the Singapore public sector agency with another Singapore public sector agency to the extent permitted by the data sharing direction despite any obligation as to confidentiality under the common law. (2) However, subsection (1) does not override any obligation as to confidentiality because of legal privilege or contract. (3) To avoid doubt, this Act is not intended to prevent or discourage the sharing of information by Singapore public sector agencies as permitted or required by or under any Act or other law (apart from this Act).
Unauthorised disclosure and improper use of information 7.—(1) If — (a) an individual discloses, or the individual’s conduct causes disclosure of, information under the control of a Singapore public sector agency to another person (whether or not a Singapore public sector agency); (b) the disclosure is not authorised by any data sharing direction given to the Singapore public sector agency; (c) the individual is a relevant public official of the Singapore public sector agency at the time of the disclosure; and (d) the individual does so — (i) knowing that the disclosure is not in accordance with that direction; or (ii) reckless as to whether the disclosure is or is not in accordance with that direction, the individual shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $5,000 or to imprisonment for a term not exceeding 2 years or to both. (2) In proceedings for an offence under subsection (1), it is a defence for the defendant to prove, on a balance of probabilities, that the defendant disclosed, or caused the disclosure of, information under the control of a Singapore public sector agency — (a) as permitted or required by or under an Act or other law (apart from this Act); or (b) as authorised or required by an order of court. (3) If an individual — (a) makes use of information under the control of the Singapore public sector agency when he or she is a relevant public official of a Singapore public sector agency or a contractor (or an employee thereof) supplying goods or services to a Singapore public sector agency; and (b) obtains a gain for himself or herself as a result of that use, the individual shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $5,000 or to imprisonment for a term not exceeding 2 years or to both. (4) In proceedings for an offence under subsection (3), it is a defence for the defendant to prove, on a balance of probabilities, that the information under the control of a Singapore public sector agency was, at the time of its use by the defendant, generally available information. (5) In this section — “disclose”, in relation to information, includes provide access to information; “gain” means — (a) a gain in property or a supply of services (whether temporary or permanent); or (b) an opportunity to earn remuneration or greater remuneration or to gain a financial advantage otherwise than by way of remuneration; “generally available information” means information that consists of readily observable matter, including information that consists of deductions, conclusions or inferences made or drawn from readily observable matter; “relevant public official”, for a Singapore public sector agency, means — (a) an officer of the Singapore public sector agency; (b) a member of a Group 1, Group 2 or Group 3 public body which is that Singapore public sector agency, or of the governing body of such a public body; or (c) the chief executive of a Group 1, Group 2 or Group 3 public body which is that Singapore public sector agency.
Unauthorised re-identification of anonymised information 8.—(1) If — (a) an individual takes any action to re-identify or cause re-identification of the person to whom anonymised information under the control of a Singapore public sector agency relates; (b) the re-identification is not authorised by any data sharing direction given to the Singapore public sector agency; (c) the individual is a relevant public official of the Singapore public sector agency at the time of taking that action; and (d) the individual does so — (i) knowing that the re-identification is not authorised by that data sharing direction; or (ii) reckless as to whether the re-identification is or is not authorised by that data sharing direction, the individual shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $5,000 or to imprisonment for a term not exceeding 2 years or to both. (2) In proceedings for an offence under subsection (1), it is a defence to the charge for the accused to prove, on a balance of probabilities, that — (a) the information on the identity is publicly available; or (b) the action to re-identify or cause re-identification is — (i) permitted or required by or under an Act or other law (apart from this Act); or (ii) authorised or required by an order of court. (3) In this section — “anonymised information” means any information which is in anonymised or de-identified form; “relevant public official” has the meaning given by section 7(5).
Policy/regulation mirrored: