With businesses fumbling, Singapore must take more care in data aspirations

Singapore government has been opening up user data access to ease information exchange and business transactions, but it should observe some caution as major organisations continue to slip up over security.
Written by Eileen Yu, Senior Contributing Editor

The Singapore government has been opening up access to citizen data to facilitate business transactions and information exchange, but with organisations fumbling over security including major global firms, it needs to take a step back and seriously assess the implications.

Its efforts were touted as essential in the country's smart nation drive, where emphasis had been placed on providing data to spur the development of new citizen services and support data analytics and Internet of Things (IoT).

However, with businesses losing customer data to hackers and resorting to questionable practices in managing such data, the Singapore government needs to take a step back and evaluate potential risks it may be introducing to citizens in opening up access to their data.

My own concerns here were compounded when I recently changed banks in refinancing a home loan. After almost two frustrating months of back and forth as the bank, to which I was moving the loan, asked for supporting documents and other details, the transfer was finally approved and I was asked to make a visit to sign the final application form.

Only then was I informed that, as a condition of taking on the bank's loan, I would have to purchase my home insurance coverage from its insurance partner--even though I already had an existing one from another provider. I also was required to buy a mortgage insurance policy from, again, its preferred partner.

When I expressed my displeasure that I wasn't told about this before I started the application process and, more importantly, over the lack of consumer choice, the bank said I could still decide not to go ahead with the transfer. However, after spending two months pushing through the process, I certainly wasn't ready to waste another two months sourcing for and signing up with another bank.

Also, buried inside the fine print, the bank stated it was able to share my personal data with the partner, which also had the option to use my data to send me marketing mailers, amongst others.

Presumably, because it is a major market player, the bank has included these service terms legally and within the confines of Singapore's personal data protection laws.

If that is the case, consumers like me should have more cause for concern especially as more partnerships between different industry sectors are established--and more of our data face the possibility of being "cross-pollinated".

Sign up as a bank customer and you'll receive marketing messages from insurance companies you're not a customer of, or buy a cup of latte and get a push message from an online furniture shop to purchase the chair you're sitting on in the cafe.

And that's just cause for minor irritation, compared to the heightened risk consumers then will face with their data increasingly exposed as more and more companies gain access to it.

As it is, even global companies including Uber and AXA Insurance have fallen prey to cyber hackers, resulting in customer data including those in Singapore being compromised. The Singapore government itself has suffered security breaches and uncovered lapses in its IT system control.

More worrying, cybersecurity still isn't a top priority in boardroom discussions despite most companies in this region having experienced a security breach.

The Singapore government has assured that citizen data are safely protected across its agencies' databases and systems, but that alone isn't enough. With businesses sharing customer data amongst their partners, including the likes of Google that continue to collect information without consent, the government needs to also ensure access to citizen data serves only to facilitate a specific transaction and to the citizen's benefit.

Organisations that are given access should have their systems and security measures audited, and they must adhere to guidelines on how citizen data should be managed and used.

Easing data access to improve service delivery is a good thing, but this should be carried out alongside strict policies to make sure businesses do not step out of line. One wrong step and citizens will lose confidence in the system, and Singapore's smart nation drive will face a serious roadblock.

Editorial standards