• Home
  • About RSIS
    • Introduction
    • Building the Foundations
    • Welcome Message
    • Board of Governors
    • Staff Profiles
      • Executive Deputy Chairman’s Office
      • Dean’s Office
      • Management
      • Distinguished Fellows
      • Faculty and Research
      • Associate Research Fellows, Senior Analysts and Research Analysts
      • Visiting Fellows
      • Adjunct Fellows
      • Administrative Staff
    • Honours and Awards for RSIS Staff and Students
    • RSIS Endowment Fund
    • Endowed Professorships
    • Career Opportunities
    • Getting to RSIS
  • Research
    • Research Centres
      • Centre for Multilateralism Studies (CMS)
      • Centre for Non-Traditional Security Studies (NTS Centre)
      • Centre of Excellence for National Security (CENS)
      • Institute of Defence and Strategic Studies (IDSS)
      • International Centre for Political Violence and Terrorism Research (ICPVTR)
    • Research Programmes
      • National Security Studies Programme (NSSP)
      • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
    • Future Issues and Technology Cluster
    • [email protected] Newsletter
    • Other Research
      • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
    • Graduate Programmes Office
    • Overview
    • MSc (Asian Studies)
    • MSc (International Political Economy)
    • MSc (International Relations)
    • MSc (Strategic Studies)
    • NTU-Warwick Double Masters Programme
    • PhD Programme
    • Exchange Partners and Programmes
    • How to Apply
    • Financial Assistance
    • Meet the Admissions Team: Information Sessions and other events
    • RSIS Alumni
  • Alumni & Networks
    • Alumni
    • Asia-Pacific Programme for Senior Military Officers (APPSMO)
    • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
    • International Strategy Forum-Asia (ISF-Asia)
    • SRP Executive Programme
    • Terrorism Analyst Training Course (TATC)
  • Publications
    • RSIS Publications
      • Annual Reviews
      • Books
      • Bulletins and Newsletters
      • Commentaries
      • Counter Terrorist Trends and Analyses
      • Commemorative / Event Reports
      • IDSS Paper
      • Interreligious Relations
      • Monographs
      • NTS Insight
      • Policy Reports
      • Working Papers
      • RSIS Publications for the Year
    • Glossary of Abbreviations
    • External Publications
      • Authored Books
      • Journal Articles
      • Edited Books
      • Chapters in Edited Books
      • Policy Reports
      • Working Papers
      • Op-Eds
      • External Publications for the Year
    • Policy-relevant Articles Given RSIS Award
  • Media
    • Great Powers
    • Sustainable Security
    • Other Resource Pages
    • Media Highlights
    • News Releases
    • Speeches
    • Vidcast Channel
    • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
Facebook
Twitter
YouTube
RSISVideoCast RSISVideoCast rsis.sg
Linkedin
instagram instagram rsis.sg
RSS
  • Home
  • About RSIS
      • Introduction
      • Building the Foundations
      • Welcome Message
      • Board of Governors
      • Staff Profiles
        • Executive Deputy Chairman’s Office
        • Dean’s Office
        • Management
        • Distinguished Fellows
        • Faculty and Research
        • Associate Research Fellows, Senior Analysts and Research Analysts
        • Visiting Fellows
        • Adjunct Fellows
        • Administrative Staff
      • Honours and Awards for RSIS Staff and Students
      • RSIS Endowment Fund
      • Endowed Professorships
      • Career Opportunities
      • Getting to RSIS
  • Research
      • Research Centres
        • Centre for Multilateralism Studies (CMS)
        • Centre for Non-Traditional Security Studies (NTS Centre)
        • Centre of Excellence for National Security (CENS)
        • Institute of Defence and Strategic Studies (IDSS)
        • International Centre for Political Violence and Terrorism Research (ICPVTR)
      • Research Programmes
        • National Security Studies Programme (NSSP)
        • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      • Future Issues and Technology Cluster
      • [email protected] Newsletter
      • Other Research
        • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      • Graduate Programmes Office
      • Overview
      • MSc (Asian Studies)
      • MSc (International Political Economy)
      • MSc (International Relations)
      • MSc (Strategic Studies)
      • NTU-Warwick Double Masters Programme
      • PhD Programme
      • Exchange Partners and Programmes
      • How to Apply
      • Financial Assistance
      • Meet the Admissions Team: Information Sessions and other events
      • RSIS Alumni
  • Alumni & Networks
      • Alumni
      • Asia-Pacific Programme for Senior Military Officers (APPSMO)
      • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
      • International Strategy Forum-Asia (ISF-Asia)
      • SRP Executive Programme
      • Terrorism Analyst Training Course (TATC)
  • Publications
      • RSIS Publications
        • Annual Reviews
        • Books
        • Bulletins and Newsletters
        • Commentaries
        • Counter Terrorist Trends and Analyses
        • Commemorative / Event Reports
        • IDSS Paper
        • Interreligious Relations
        • Monographs
        • NTS Insight
        • Policy Reports
        • Working Papers
        • RSIS Publications for the Year
      • Glossary of Abbreviations
      • External Publications
        • Authored Books
        • Journal Articles
        • Edited Books
        • Chapters in Edited Books
        • Policy Reports
        • Working Papers
        • Op-Eds
        • External Publications for the Year
      • Policy-relevant Articles Given RSIS Award
  • Media
      • Great Powers
      • Sustainable Security
      • Other Resource Pages
      • Media Highlights
      • News Releases
      • Speeches
      • Vidcast Channel
      • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
  • instagram instagram rsis.sg
Connect

Getting to RSIS

Map

Address

Nanyang Technological University
Block S4, Level B3,
50 Nanyang Avenue,
Singapore 639798

View location on Google maps Click here for directions to RSIS

Get in Touch

    Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
    RSISVideoCast RSISVideoCast rsisvideocast
      school/rsis-ntu
    instagram instagram rsis.sg
      RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    RSIS Intranet

    S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
    Nanyang Technological University Nanyang Technological University

    Skip to content

     
    • RSIS
    • Publication
    • RSIS Publications
    • CO16036 | We, Citizens of Smart Singapore: Data Protection in Hyper-connected Age
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • Commentaries
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • IDSS Paper
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers
    • RSIS Publications for the Year

    CO16036 | We, Citizens of Smart Singapore: Data Protection in Hyper-connected Age
    Tan Teck Boon

    17 February 2016

    download pdf
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    Data theft and abuse is expected to increase with hyper-connectivity. A more robust personal data protection regime goes hand in hand with a smart Singapore. What are the key features of this regime?

    Commentary

    AS SINGAPORE transforms into a smart nation, a more robust personal data protection regime is needed to safeguard the enormous amount of private information generated by this high-tech architecture. Underscoring the dangers of cyber intrusion and data theft, Hong Kong-based toymaker Vtech was recently hit by hackers who stole the personal data of five million customers worldwide.

    Currently, the regime regulating personal data held by the private sector includes the Personal Data Protection Act, the Telecommunications Act and the Banking Act. In addition, the Computer Misuse and Cybersecurity Act oversees the unlawful access to data while the law of confidence criminalises unauthorised publication and misuse of private confidential information. The Personal Data Protection Act serves as a baseline legislation that governs general activities with the higher standards applying to specific areas (e.g., the Banking Act will apply for banking records).

    Hyper-connectivity and its Discontents

    While extensive, this personal data protection regime will no longer be adequate in the smart nation scenario. Although a more robust personal data protection regime will not wipe out data theft and abuse, it will at least make it more costly and difficult to do so.

    In the smart nation, an array of Internet-enabled gadgets will generate a vast amount of personal data. However, the personal data generated by these gadgets will not only contain plain information like names, birth dates and contact details but also deeply private and revealing information like energy consumption patterns, geo-location data and even lifestyle habits. It is conceivable that citizens could be put at risk of serious financial and reputational losses if this information trove were stolen or lost and then used by criminals for illicit purposes.

    To be fair, the smart nation is expected to engender a myriad of economic, societal and environmental benefits. The main issue though is that some of the Internet-enabled but resource-constrained gadgets endemic to this high-tech architecture might also open up more pathways for hackers to exploit. Given the revealing nature of the data in question, cyber criminals could in theory use these data for blackmails or scams.

    As the number of Internet-enabled gadgets going online increases and the volume of revealing personal data swells concomitantly, the chilling prospect is that anyone with the slightest infraction – moral or otherwise – can become victims of cyber criminals.

    Insider Theft

    Apart from hackers exfiltrating personal data, employee theft will also be a matter of concern. If anything, insider theft of data are often more damaging than malicious attacks carried out by external hackers since the errant employee not only knows where the most prized data are stored but also how to gain access to it. And of course, personal data can be leaked into the open because of employee carelessness. While not particularly malicious, such breaches are nevertheless serious if the data lost were to fall into the wrong hands.

    Because the data generated by the smart nation will also reveal a wealth of information on consumer preferences and tastes, businesses might also be tempted to data-mine this treasure trove for insights. From targeted advertising to ideas for the next product hit, the commercial reward can be tremendous. But the real danger is when the same insights are used to single out and penalise certain individuals. Consider what might happen to a man betrayed by his Internet-enabled gadgets to live an unhealthy and even risky lifestyle.

    If that information were leaked to his health insurer, he will either be required to pay a higher premium or worse, denied health insurance altogether. And what if that information were uncovered by his employer? The question of whether he will be denied employment subsequently is a legitimate one.

    While there is no evidence that such malfeasance has already happened despite the rapid proliferation of Internet-enabled gadgets in our homes, one should note too that it is now a common practice for tech companies to collect all sorts of user data ostensibly for troubleshooting purposes and to push advertisements. As companies get better at analysing and understanding the data they collect in the coming years, the temptation to extract commercial rewards from this treasure trove will invariably be even stronger.

    Data Protection in the Hyper-connected Age

    What should a more robust personal data protection regime for the private sector in Singapore be like? At a minimum, the regime would need to delineate clearly which data sets belong to whom and more importantly, which data could be shared and aggregated. Apart from personally identifiable information (e.g., names, birth dates and contact details), data that can potentially reveal one’s routine, lifestyle and movements should come under the regime’s protection too.

    Beyond that, it would need to place legal restrictions on the aggregation of personal information harvested from different Internet-enabled gadgets. This will at least make it more difficult for cyber criminals and errant businesses to piece together private information harvested from disparate sources and link specific data sets to individuals.

    Encryption is one way to prevent personal data from being read when stolen or leaked but eventually, it might be worthwhile to consider ending the practice of having the private sector hold on to the personal data that it collects. With deeper domain expertise in cybersecurity and more rigorous practices in place for handling confidential data, the government might actually be in a stronger position to safe-keep personal data on behalf of the private sector.

    If this were implemented, the risk of personal data theft will be significantly reduced and limited to when data are being transferred between points. The fact that major data breaches in Singapore have so far been confined to the private sector does lend some credence to this move.

    Ultimately, a more robust personal data protection regime must go hand in hand with the smart nation. Indeed, when private citizens are convinced that their personal data are secure and well-protected, they will also be more likely to embrace and play an active part in this high-tech architecture. Hence, the issue of data protection needs to be addressed now and not when it is too late. That would be the smart thing for a smart nation to do.

    About the Author

    Tan Teck Boon is a Research Fellow at the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University, Singapore.

    Categories: Commentaries / Country and Region Studies / Non-Traditional Security / Singapore and Homeland Security / Southeast Asia and ASEAN

    Last updated on 17/02/2016

    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    Synopsis

    Data theft and abuse is expected to increase with hyper-connectivity. A more robust personal data protection regime goes hand in hand with a smart Singapore. What are the key features of this regime?

    Commentary

    AS SINGAPORE transforms into a smart nation, a more robust personal data protection regime is needed to safeguard the enormous amount of private information generated by this high-tech architecture. Underscoring the dangers of cyber intrusion and data theft, Hong Kong-based toymaker Vtech was recently hit by hackers who stole the personal data of five million customers worldwide.

    Currently, the regime regulating personal data held by the private sector includes the Personal Data Protection Act, the Telecommunications Act and the Banking Act. In addition, the Computer Misuse and Cybersecurity Act oversees the unlawful access to data while the law of confidence criminalises unauthorised publication and misuse of private confidential information. The Personal Data Protection Act serves as a baseline legislation that governs general activities with the higher standards applying to specific areas (e.g., the Banking Act will apply for banking records).

    Hyper-connectivity and its Discontents

    While extensive, this personal data protection regime will no longer be adequate in the smart nation scenario. Although a more robust personal data protection regime will not wipe out data theft and abuse, it will at least make it more costly and difficult to do so.

    In the smart nation, an array of Internet-enabled gadgets will generate a vast amount of personal data. However, the personal data generated by these gadgets will not only contain plain information like names, birth dates and contact details but also deeply private and revealing information like energy consumption patterns, geo-location data and even lifestyle habits. It is conceivable that citizens could be put at risk of serious financial and reputational losses if this information trove were stolen or lost and then used by criminals for illicit purposes.

    To be fair, the smart nation is expected to engender a myriad of economic, societal and environmental benefits. The main issue though is that some of the Internet-enabled but resource-constrained gadgets endemic to this high-tech architecture might also open up more pathways for hackers to exploit. Given the revealing nature of the data in question, cyber criminals could in theory use these data for blackmails or scams.

    As the number of Internet-enabled gadgets going online increases and the volume of revealing personal data swells concomitantly, the chilling prospect is that anyone with the slightest infraction – moral or otherwise – can become victims of cyber criminals.

    Insider Theft

    Apart from hackers exfiltrating personal data, employee theft will also be a matter of concern. If anything, insider theft of data are often more damaging than malicious attacks carried out by external hackers since the errant employee not only knows where the most prized data are stored but also how to gain access to it. And of course, personal data can be leaked into the open because of employee carelessness. While not particularly malicious, such breaches are nevertheless serious if the data lost were to fall into the wrong hands.

    Because the data generated by the smart nation will also reveal a wealth of information on consumer preferences and tastes, businesses might also be tempted to data-mine this treasure trove for insights. From targeted advertising to ideas for the next product hit, the commercial reward can be tremendous. But the real danger is when the same insights are used to single out and penalise certain individuals. Consider what might happen to a man betrayed by his Internet-enabled gadgets to live an unhealthy and even risky lifestyle.

    If that information were leaked to his health insurer, he will either be required to pay a higher premium or worse, denied health insurance altogether. And what if that information were uncovered by his employer? The question of whether he will be denied employment subsequently is a legitimate one.

    While there is no evidence that such malfeasance has already happened despite the rapid proliferation of Internet-enabled gadgets in our homes, one should note too that it is now a common practice for tech companies to collect all sorts of user data ostensibly for troubleshooting purposes and to push advertisements. As companies get better at analysing and understanding the data they collect in the coming years, the temptation to extract commercial rewards from this treasure trove will invariably be even stronger.

    Data Protection in the Hyper-connected Age

    What should a more robust personal data protection regime for the private sector in Singapore be like? At a minimum, the regime would need to delineate clearly which data sets belong to whom and more importantly, which data could be shared and aggregated. Apart from personally identifiable information (e.g., names, birth dates and contact details), data that can potentially reveal one’s routine, lifestyle and movements should come under the regime’s protection too.

    Beyond that, it would need to place legal restrictions on the aggregation of personal information harvested from different Internet-enabled gadgets. This will at least make it more difficult for cyber criminals and errant businesses to piece together private information harvested from disparate sources and link specific data sets to individuals.

    Encryption is one way to prevent personal data from being read when stolen or leaked but eventually, it might be worthwhile to consider ending the practice of having the private sector hold on to the personal data that it collects. With deeper domain expertise in cybersecurity and more rigorous practices in place for handling confidential data, the government might actually be in a stronger position to safe-keep personal data on behalf of the private sector.

    If this were implemented, the risk of personal data theft will be significantly reduced and limited to when data are being transferred between points. The fact that major data breaches in Singapore have so far been confined to the private sector does lend some credence to this move.

    Ultimately, a more robust personal data protection regime must go hand in hand with the smart nation. Indeed, when private citizens are convinced that their personal data are secure and well-protected, they will also be more likely to embrace and play an active part in this high-tech architecture. Hence, the issue of data protection needs to be addressed now and not when it is too late. That would be the smart thing for a smart nation to do.

    About the Author

    Tan Teck Boon is a Research Fellow at the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University, Singapore.

    Categories: Commentaries / Country and Region Studies / Non-Traditional Security / Singapore and Homeland Security

    Last updated on 17/02/2016

    Back to top

    Terms of Use | Privacy Statement
    Copyright © S. Rajaratnam School of International Studies. All rights reserved.
    This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
    OK
    Latest Book
    CO16036 | We, Citizens of Smart Singapore: Data Protection in Hyper-connected Age

    Synopsis

    Data theft and abuse is expected to increase with hyper-connectivity. A more robust personal data protection regime goes hand in hand with a smart Sing ...
    more info