As Singapore transforms itself into a Smart Nation, a more robust personal data protection regime is needed to safeguard the enormous amount of private information generated by this high-tech architecture. Underscoring the dangers of cyber intrusion and data theft, Hong Kong-based toymaker VTech was recently hit by hackers, who stole the personal data of five million customers worldwide.

Currently, the regime regulating personal data held by the private sector includes the Personal Data Protection Act, the Telecommunications Act and the Banking Act. In addition, the Computer Misuse and Cybersecurity Act oversees the unlawful access to data, while the law of confidence criminalises unauthorised publication and misuse of private confidential information. The Personal Data Protection Act serves as a baseline legislation that governs general activities with the higher standards applying to specific areas (for example, the Banking Act will apply for banking records).

While extensive, this personal data protection regime will no longer be adequate in the Smart Nation scenario. Although a more robust personal data protection regime will not wipe out data theft and abuse, it will at least make it more costly and difficult to do so.

… Tan Teck Boon is a research fellow at the S. Rajaratnam School of International Studies (RSIS) at Nanyang Technological University. This commentary first appeared in RSIS Commentary.