Singapore hit by 41 cases of personal data loss in past three years

There were 30 cases that involved missing laptops, whilst 11 cases affected specific individuals.

The government reported 41 cases involving the loss of personal data to the police in the last three years, according to deputy prime minister Teo Chee Hean.

In a written response to a query by associate professor Walter Theseira on the number government personal data information security incidents reported to the police or the Personal Data Protection Commission (PDPC), Teo revealed that 30 of the cases involved missing laptops although no specific individual’s data was compromised.

Government laptops were said to be protected by encryption and lost laptops were immediately blocked from the Government network once reported.

In a total of seven incidents, the affected individuals were notified of the breach, whilst four cases were reported to both the individuals affected and the general public.

“Amongst these 11 cases, it took an average of three weeks from the police report to notify the individual,” he noted. “This was the time taken to identify the exact individuals affected, and assess the extent of loss, to give an accurate report of the situation to the affected individuals and recover or safeguard evidence for potential future prosecution.”

He further highlighted that these incidents are not reported to the PDPC, as it is not their function to investigate government-related incidents. Loss of personal data by government agencies is reported to the policy when there is suspected foul play, or when a physical asset such as a laptop is missing.

According to his written response, Teo noted that the reports were made in a timely manner, with 80% submitted on the same day as the discovery of the incident.

“From time to time, there are also incidents of data mishandling that are reported internally but not to the policy,” he admitted, explaining how such incidents typically involve the mailing of letters containing personal information to the wrong recipient or mass emails in which offers mistakenly include all recipients’ email addresses.

In these cases, police assistance or intervention is not required. The affected agencies will inform and apologise to affected individuals, and follow up with the necessary staff education and discipline to avoid a future occurrence.  

Join Singapore Business Review community
A NOTE FROM SINGAPORE BUSINESS REVIEW

The people you want to reach are already in this room.

Every quarter, SBR lands on the desks of the founders, CFOs, and directors running Asia's most consequential companies. Every day, they open our newsletter and read our website. It's a room that took twenty years to build — and it's the one most of our partners are trying to get into.

The good news is that the door is open. We work with companies on thought leadership articles, sponsored content, industry summits across Southeast Asia, regional awards programmes, podcasts, and media placements in print and digital. The shape of the right partnership depends on what you're trying to do, which is why we'd rather start with a conversation than send a rate card.


If you have something this room should know about, tell us. We'll tell you honestly whether we can help, and how.

No rate cards until we understand the brief. It's a better use of everyone's time.