MDDI’s Response to PQ on Whole-of-Government Data Protection and Safeguards

Parliament Sitting on 7 April 2026

Question for Oral Reply

82. Mr Low Wu Yang Andre: To ask the Minister for Digital Development and Information (a) whether the whole-of-Government data architecture permits proprietary AI or data analytics platforms from foreign-headquartered vendors to process citizen data; and (b) if so, what legal and technical safeguards ensure that such data cannot be compelled for disclosure by a foreign government under that government’s domestic laws.

 Answer:

The Government uses best-in-class technology solutions, including those from international vendors, to deliver effective digital services for citizens and support our officers' work.

 We have established comprehensive safeguards to protect citizen data when working with any vendor. Our risk-based framework ensures that data access is granted strictly on a "needs-basis" following the principle of least privilege. Vendors are expected to implement robust technical safeguards such as non-retention of data, encryption, as well as access and identity management. Data residency may also be required, depending on the sensitivity of the data. This is coupled with proper governance frameworks and contractual agreements on how the data can be accessed, used, stored and retained. 

These help to prevent vendors from accessing, using or disclosing government data where they are not permitted to do so, including in response to demands from foreign governments.

Our approach combines global expertise, technical safeguards, legal protections, and ongoing oversight to ensure citizen data remains secure. We continuously monitor vendor compliance, conduct regular security assessments, and update our frameworks to address emerging risks and maintain public trust.