Assoc Prof Jamus Jerome Lim asked the Minister for Culture, Community and Youth (a) what are the guidelines and protocols on protecting the personal data of individuals that are collected, used, and disclosed by public agencies, in particular the People’s Association, to grassroots advisers (GRAs) and their associated volunteers; (b) what safeguards are in place when the personal data involved relates to children; and (c) in the event of a data breach, what recourse and resources are available to assist affected GRAs and volunteers in rectifying the breach.
Mr Edwin Tong Chun Fai: Data management in the People’s Association (PA), as with other public agencies, is governed by the Public Sector (Governance) Act (PSGA) 2018 and the Government Instruction Manual (IM) on ICT and Smart Systems Management: Data. The IM sets out, amongst other things, the data protection requirements that apply in respect of the management of personal data.
There is a framework in place to manage any Government data incidents. Standard operating procedures and workflows are included to guide and ensure that the relevant personnel comply with applicable policies and procedures. In the event of any data breach, PA would have regard to the specific circumstances and context in which the breach had occurred, in assessing the appropriate remedial actions to be taken.
Ministry of Culture, Community and Youth
15 February 2022