Singapore unveils framework to facilitate 'trusted' data-sharing between organisations
Regulators say the Trusted Data Sharing Framework aims to resolve challenges companies face in sharing data assets, including the need to ensure regulatory compliance as well as a lack of methodologies and of trust in the parties with whom they share data.
Singapore has introduced a framework designed to resolve challenges businesses typically face when sharing data assets, such as the need to ensure regulatory compliance and a lack of standardised methodologies and of trust in the parties with whom they share data. Called the Trusted Data Sharing Framework, it aims to facilitate data-sharing to drive the development of new products and services as well as establish consumer confidence that their data will be safeguarded.
The model was unveiled Friday by industry regulators Infocomm Media Development Authority (IMDA) and Personal Data Protection Commission (PDPC), which underscored the importance of ensuring the "trusted use of data" and data flows so digital economies, such as Singapore, could thrive.
Data, for one, played an essential role in an organisation's ability to be innovative and customise services and processes for different market segments. Consumers, too, must be willing to share their data with businesses and more would be encouraged to do so if they had confidence in a company's ability to use and protect data.
IMDA said in a statement: "The intent of the framework is that, with stronger safeguards and clarity on regulatory compliance, consumers will be more ready to share their data and consequently benefit from more personalised goods and services."
It noted that businesses faced several challenges in sharing their data assets, such as a lack of systematic approaches to facilitating such activities. They also faced hurdles establishing trust with the partners with which they shared data whilst ensuring they remained compliant with regulations such as Singapore's Personal Data Protection Act (PDPA), which is governed by the PDPC.
In addition, organisations were challenged in valuing the data assets they owned and concerned that sharing their data could expose trade secrets or lead to a loss of business competitiveness.
The data-sharing framework aims to address these concerns by offering a common data-sharing syntax to help businesses establish baseline practices. This focuses on four areas: data-sharing strategy; legal and regulatory considerations; technical and organisational considerations; and operationalising data sharing. These comprise data-sharing requisites, use cases that organisations can assess, technical models, and processes to ensure transparency during and after data exchange.
According to IMDA, the framework outlines a systematic approach to broader considerations for establishing trusted data-sharing partnerships and includes content from existing PDPC guides on personal data anonymisation and sharing.
It also encompasses a guide to data valuation to facilitate data sharing as well as sample legal templates businesses could use to create data-sharing contracts. "When using the framework, organisations will also be guided through the regulatory considerations and the contractual, technical and operational safeguards needed in a data-sharing arrangement," said IMDA.
"The framework can help uplift practice norms--enabling better, trusted data flows for the digital economy, both within the local ecosystem and globally. They can also empower emerging technologies such as artificial intelligence (AI) by incorporating accountability, transparency, and human-centricity by-design right from the beginning."