“I would like to think that the data available in my government is secured from external threats of technology abuse, bully hackers and unauthorized users. If a whole batch of citizen’s personal information and their activities were leaked to outsiders, would the government relish informing the public for dread of reprisal and loss of reputation? How can information ever be truly safe? And safe from what for that matter? One can only hope that the information available with anyone stays in its rightful place. It is not the issue about the personal information or data being safe, it’s a question of the person being safe.
In other instances, citizen’s data and information is shared and easily retrieved within various government agencies and departments since there is a central database facilitating storage for work purpose. However the government and its agencies in my country have a competing influence of networks of non-governmental, non-critical businesses in almost every sector of the economy, such as food, retailing, tourism, banking, education, insurance and healthcare. This is persuasive to the point of sending many small-medium private enterprises to their graves. So the amount of personal information that trickles down from governmental to non-governmental organizations become difficult to determine and track. Moreover, there is no stopping any corrupted government officials from forming a syndicate to sell and disclose personal information to others.
Although I’m unsure if such information ever sees the light in the public, there are specific legislation to prevent personal information from being accessed, scrutinized and misused by other people or business organizations that have no proper rights to obtain such information in the first place. Yes, in fact in my country has just enacted the Personal Data Protection Act (PDPA) in 2012. Prior to this enactment, there was no formal law governing the protection of personally identifiable information. The collection, use and disclosure of personal data in Singapore was regulated to a certain extent by blobs of laws including common law, sector-specific legislation and various self-regulatory or co-regulatory codes, such as the SPAM Control Act, or Do Not Call Act. The SPAM Control Act requires any person who sends unsolicited commercial electronic messages in bulks to comply with certain obligations. Although this is quite difficult since much of the bulk of data is global in nature, the regulatory office does educate one on how to minimize the bulk of such infiltrates. One can filter, block, resend, blacklist, reset servers, do civil recourse.
There are other individual legislative acts relative to industrial sectors, e.g. banking, retail etcetera. In general the PDPA contains the general rules with respect to protection of personal data and the rules relating to the collection, use, disclosure, access to of personal data. There is a setup commission, i.e. the PDPC, is empowered to issue formal reprimand to a culpable organization to stop collecting, using or disclosing personal data, and impose financial penalties of up to $1 million.
Thus, such legislations enacted ensure data protection behavioural compliance to some extent, although each citizen and corporation can do more to contribute and comply with these acts.” – Patrick Sim – Singapore, Singapore