Cybersecurity: Approaches to Data Protection and Privacy
By Philip Mahboobani
Both Singapore and the UK, as leading information systems hubs, have focused on developing protection against cyberthreats. Singapore has utilised a four-pillar strategy: strengthening international partnerships (namely with the UK), developing a vibrant cybersecurity ecosystem, creating a safer cyberspace environment, and building a resilient infrastructure. The UK has similarly sought international collaboration as well as involvement with security agencies to enhance cyber security.
Recent PDPA Developments in Singapore
The amendments made to the Personal Data Protection Act 2012 have been made in phases which introduced changes such as a mandatory data notification requirement and a new legitimate interests exception. These amendments seek to resolve a wider public policy objective - to maintain accountability regarding personal data protection. These advisory guidelines and its related regulations follow the core concepts of data privacy: consent, purpose, and reasonableness.
A ’full spectrum’ approach in the UK
The UK has proposed an approach taking advantage of the digital revolution which focuses on partnerships within the security industry and better integration across defence and intelligence services. Whilst the Singapore approach innately focuses on personal data protection, the English approach can be described as ‘full spectrum’, focusing on security hazards that lead to costly breaches. This invites collaboration with defence and intelligence agencies to anticipate cyber threats. Therefore, the UK approach can be described as proactive whilst the Singaporean approach is rather more responsive in nature.
The future of cybersecurity
Both the UK and Singapore have developed cybersecurity regulations following recent attacks (such as the infiltration of the SingHealth databases) and a general exponential growth in technology start-ups. To promote a “free, open, peaceful and secure cyberspace”, both the UK and Singapore have sought to resolve the differing data privacy standards across jurisdictions by signing a joint statement to create greater security into sensors and other IoT devices. This represents a collaborative effort between both jurisdictions to improve collective cyber security.