Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam

Ministry of Digital Development and Information
Speeches

Opening Speech By MOS Jasmin Lau, For Second Reading Of Public Sector (Governance) (Amendment) Bill On 12 January 2026

12 January 2026

Introduction

  1. Mr Speaker, on behalf of the Minister for Digital Development and Information, I move, “That the Bill be now read a second time.”

The PSGA has empowered public agencies to better use data to serve Singaporeans

  1. Sir, the Public Sector (Governance) Act, or the PSGA was introduced in 2018 – it helped to enable public agencies to share data safely and purposefully, so that we can serve Singaporeans better.

  2. The vision was simple but powerful: A Whole-of Government approach, where agencies can work together using data responsibly, instead of asking citizens to provide the same information repeatedly or navigate multiple agencies on their own.

  3. Many Members in this House today were present back when the PSGA Bill was discussed in 2018. Thank you to all Members who supported the Bill back then.

  4. With your support, today, we have more integrated delivery of public services. About 99% of government transactions with citizens and businesses are now completed digitally from start to end, enabled by data.

  5. Here are some examples:

    1. Singaporean households automatically qualify for and receive support like U-Save rebates, CDC vouchers and Child LifeSG credits.

    2. Lower-income workers automatically receive salary top-ups from the Workfare Income Supplement Scheme.

    3. Children from lower-income families receive educational bursaries.

    4. For seniors, the Majulah package supports their healthcare and retirement. Senior Employment Credit supports their employment at the workplace.

  6. Data sharing was also critical during national crises such as COVID-19. When support had to be rolled out quickly and at scale, for example through the Jobs Growth Incentive, the Government could calculate and disburse assistance more efficiently, without placing additional burden on Singaporeans and businesses during this difficult period.

  7. At the same time, the PSGA was never only about enabling data sharing. The data sharing framework included strong safeguards. When the PSGA was debated in 2018, Members asked for clear rules on data use. These have been put in place. There are clear permitted purposes, controlled access on a need to-know basis, additional protection for sensitive data, and serious consequences for misuse.

  8. We have used the PSGA for 8 years. Effectively, and safely. When the PSGA Bill was debated in Parliament in 2018, some Members of Parliament saw the potential for PSGA to do more. They asked about data sharing with trusted partners, like our Social Service Agencies. Back then, we had promised to review this later.

Why are we amending the PSGA: Government increasingly delivers outcomes with trusted partners

Amend PSGA to unlock trusted partners’ capabilities for serving the public

  1. Now we are ready for the next step.

  2. Over time, public agencies have increasingly partnered trusted organisations outside of the public sector to deliver programmes and reach Singaporeans effectively – especially vulnerable groups where last-mile engagement matters. These include Social Service Agencies, community partners and Self Help Groups. They have deep networks, cultural understanding, and operational presence on the ground. When we work together with them, support can be more targeted, timely and coordinated.

  3. For example, the Ministry of Education works with Self-Help Groups, like the Chinese Development Assistance Council, MENDAKI, SINDA and the Eurasian Association. These Self-Help Groups understand their communities well. With access to appropriate student data, they can identify and provide targeted support to specific students in their respective ethnic communities. The data will also help these partners to assess and improve their programmes. Similarly, the Ministry of Social and Family Development, or MSF, works with SG Enable and Social Service Agencies, or SSAs, to provide an integrated ecosystem of support for persons with disabilities.

  4. But for our partnerships to work well, they need relevant data. The current PSGA does not cover them. Today, public agencies rely on individual consent, common law public interest grounds, or sector-specific legislation.

  5. These avenues are not ideal in many real-world situations.

    1. First, external partners cannot identify who to help if we cannot share that information with them. Getting consent means we must first find the people who need help and then ask them permission. This does not work when the external partner should be the first point of contact for hard-to-reach groups.

    2. Second, contact details may be outdated and vulnerable individuals may not respond in time.

    3. Third, in urgent or large-scale situations, we cannot afford delays caused by seeking consent case-by-case.

    4. Lastly, when multiple datasets and partners are involved in coordinated support, the consent route becomes onerous and fragmented.

  6. In all these cases, relying on consent means that people in need may fall through the cracks and fail to receive timely support.

  7. Common law public interest grounds can also be difficult to apply consistently, because boundaries are not clearly set out and each case needs extensive assessment.

  8. Take MSF’s partnership with SG Enable and SSAs in supporting persons with disabilities as an example.

  9. In order for SG Enable and SSAs to support persons with disabilities in areas like employment assistance, training opportunities, and referrals to relevant services, they need the relevant data on persons with disabilities from MSF.

  10. But MSF found it challenging to establish the legal basis for sharing. They went through many rounds of discussions with multiple teams to see if common law public interest applied. To reduce legal uncertainty, these social service agencies could only get the addresses of persons with disabilities. They received no other information about disability conditions, needs, or demographics.

  11. Without these other information, our partners end up spending extra time and effort re-establishing details during visits to our persons with disabilities and their families. Members in this House may have heard of these realities on the ground. Families in need end up having to repeat their stories and details to many parties who are actually trying to support them.

  12. This Bill addresses that gap. It provides a clear legal basis with guardrails for data sharing with our trusted external partners, where it serves legitimate public purposes.

What the Bill does and what it doesn’t do

  1. Mr Speaker, let me emphasise what this Bill does.

  2. Under the amended PSGA, public agencies are allowed to share data with trusted external partners only when three safeguards are met. These are: (a) having a legitimate purpose for sharing, (b) the arrangement is specifically authorised by a Minister or the Minister’s delegate; and (c) the external partner is bound by clear contractual terms of use, including data protection and security requirements.

  3. Let me also emphasise what this Bill does not do.

  4. This Bill does not create a free-for-all. It does not override other written law, legal privilege, or existing contractual restrictions. It does not authorise data sharing for commercial exploitation, marketing or unrelated purposes. And it does not remove the option for public agencies to rely on consent or other legal avenues where these remain appropriate.

Safeguard 1: Data sharing for the same public purposes

  1. Let me now elaborate on the three safeguards for data sharing. First, the Bill retains the existing discipline of the PSGA.

  2. Clause 3 ensures there is a legitimate purpose for sharing data. Public agencies can only share data for the same public purposes that govern inter-agency sharing today. If a use case does not serve these public objectives, public agencies cannot share data with external partners under the PSGA.

  3. For the MSF example I mentioned earlier, the relevant purpose under the PSGA would be well aligned with MSF’s mandate to provide support for persons with disabilities. The shared data would help disability SSAs to provide more efficient and targeted support.

Safeguard 2: Case-by-case Ministerial Authorisation and oversight

  1. Second, each data sharing arrangement with an external partner needs specific authorisation by a Minister, or his/her delegate. This is the second safeguard under clause 3.

  2. The authorisation must clearly specify what data can be shared, which partner receives it, and for what purpose it may be used.

  3. This ensures high-level oversight for each and every arrangement. It is not a broad, open-ended permission.

  4. The public agency must assess the organisation's ability to fulfil its role and handle data responsibly with proper security protections. Where the partner is unable to meet the required safeguards, the sharing will not proceed.

Safeguard 3: External partners governed by strong Terms of Use calibrated to risk, with support for partners to meet the bar

  1. The third safeguard is ensuring that all external partners are bound by clear Terms of Use that set out how the data is protected and used.

  2. I spoke earlier about the government’s existing internal rules for data protection and security. Currently public agencies already need to make sure external partners whom they share data with are able to meet these requirements, and are contractually bound to do so.

  3. While public agencies already hold external partners to such requirements, we will provide more specific guidance to ensure consistency across different partnerships. These will include data protection and security requirements and will be calibrated to risk. In other words, this will not be a one-size-fits all approach.

  4. The more sensitive or confidential the data, the higher the safeguards required. This will include tighter access controls, and stronger encryption and logging.

  5. This ensures that all external partners understand and uphold their responsibility to protect the data and are contractually bound to maintain the necessary safeguards to robust and consistent standards. Where partners, especially smaller organisations, need to strengthen capabilities to meet these requirements, we will work with them so that safeguards are consistently applied.

Accountability and consequences – including for incidents

  1. Mr Speaker, expanded data sharing will mean expanded accountability too. This Bill introduces criminal offences for individuals in external organisations.

  2. Today, the Personal Data Protection Act or PDPA already criminalises individuals’ misuse of personal data held by private organisations or public agencies. The PDPA sets out offences for the unauthorised use and disclosure of personal data, and unauthorised re-identification of anonymised information. Clause 8 of this Bill introduces related amendments to the PDPA to ensure that these offences can apply to misuse of shared data by individuals from external partners.

  3. For non-personal data, the Bill introduces new offences for the unauthorised use or disclosure of shared data by individuals within the external partners. Clauses 6 and 7 of the Bill provide for this. With these expanded PSGA offences, individuals in external organisations face the same level of penalties that public officers are currently subject to for misusing shared data.

  4. Together, the PDPA and PSGA will provide for complementary offences for stronger deterrence against abuse.

  5. Beyond criminal offences, the Government also retains strong and practical levers:

    1. Enforcement of contractual Terms of Use;

    2. Tightening of requirements if an incident reveals additional safeguards are necessary;

    3. Where appropriate, revoking authorisation and ceasing the data sharing arrangement.

Additional amendment

  1. Mr Speaker, the Bill also makes an amendment to the PSGA, to clarify and make clear that the current set of public sector purposes specified in the PSGA apply for both data sharing with other public agencies, as well as for the public agency’s own use. As the latter is not explicitly stated today, this amendment will clarify, to avoid any doubt, that public agencies are permitted to use their own data to work more effectively.

  2. This removes unnecessary uncertainty and administrative delay, while maintaining the same discipline.

  3. For example, in 2023, MOE had planned a new survey called Parents' Voices. This was to understand parents' views on education policies. MOE already had parents' contact information from student data collected during school admission. As the PSGA was not explicit that the data MOE had could be used for other purposes, MOE spent an extra month checking if this new use met the threshold for public interest or consent exclusions. This was counter-intuitive since MOE could already share such data with other public agencies under PSGA purposes.

  4. The amendment we are making is aligned with the PSGA’s original intent to enable the public sector to use data both across and within public agencies to fulfil their functions. To be clear, this amendment does not apply to external partners. Each of our use cases with external partners must be specifically authorised by the relevant Minister.

Protections for health information

  1. Let me turn to health information specifically. The Government will be introducing a Health Information Bill, also known as HIB, which will set out a framework governing information contributed to and accessed from the National Electronic Health Record (called NEHR). This is particularly for healthcare delivery purposes across the ecosystem of providers.

  2. Both PSGA and the HIB are complementary bills. Where public agencies need NEHR data for healthcare purposes, the HIB governs this use. This applies when a public agency performs a healthcare service, such as medical consultations or laboratory tests. The PSGA will continue to govern government data in general, including health information for broader public purposes outside healthcare delivery – for example, de identified data for policy analysis by other public agencies. The safeguards that I spoke about earlier will apply to such information shared under PSGA. Cybersecurity and data security safeguards matching those under the HIB will be required through the Terms of Use for external partners.

  3. There is one exception relating to the MHA. MHA conducts job fitness and medical examinations to ensure individuals are suitable for various deployments. Many of these examinations by MHA will access NEHR under the HIB because they are statutory medical examinations. But some job fitness assessments fall outside the HIB's statutory framework. These include fitness assessments for regular uniformed officers to bear arms or take on demanding deployments. NEHR information for such assessments would be shared under the PSGA for public safety reasons. MHA will seek consent from personnel and conduct personal data protection impact assessments. Both requirements cannot be waived without consulting MOH first.

  4. MOH will be going through the HIB in greater detail later.

Our commitment to enable government and trusted partners to serve Singaporeans better

  1. Mr Speaker, in my maiden speech in Parliament, I emphasised that digital services must be efficient, inclusive and trusted. Technology must serve people, not the other way around. The same principle applies to data.

  2. We share data because it enables us to serve Singaporeans better. In doing so, we aim to strike the right balance – making data sharing not just more effective, but safer.

  3. This Bill represents a careful evolution of the PSGA. It extends our data sharing and governance framework that has enabled better services within Government, to trusted partnerships beyond Government, all while keeping clear what our purpose is, ensuring that there is high-level oversight, strong safeguards and strong accountability.

  4. The enactment of PSGA in 2018 was a watershed moment. It enabled data across government to serve citizens under strong governance. With the proposed amendments, we maintain our commitment to protect data, while addressing the reality that effective service delivery requires trusted partnerships beyond public agencies.

  5. These amendments will enable vulnerable Singaporeans to receive faster, targeted and more coordinated support, when they need it most. The amendments will create clearer legal pathways for responsible partnerships while maintaining rigorous oversight and accountability.

  6. With Members’ support to enhance our data sharing regime, this Bill ensures that data serves citizens more effectively and responsibly. By working closely with trusted partners for more responsive and integrated service delivery, we can further improve citizens’ lives and uplift those who need help.

  7. Mr Speaker, I beg to move.

Back to top