Mdm Deputy Speaker, Singapore is widely regarded as one of the safest cities in the world, because of the relentless efforts of our Law Enforcement Agencies (LEAs). Amongst other capabilities, investigation plays a key role in solving crimes and upholding public confidence.
We must continue to enable our officers with the right investigation capabilities and legal framework, so they remain effective in keeping Singapore safe. One key step is to expand how we collect, use and store information from case persons, with the necessary safeguards in mind.
On this basis, I believe the amendments in this Bill on the collection, use and storage of information from case persons are well-intentioned and sound. Nonetheless, I would like to seek some clarifications.
Expand Collection and Retention of Information
A key amendment is to allow police officers to instruct a suspect to provide blood samples to collect DNA, without the need for a Magistrate’s order.
While this will boost timeliness of collection, as a safeguard, can Minister share if this process will be authorised and supervised by an officer who is appropriately trained and qualified? Greater assurance could, for example, be achieved by requiring officers of a minimum rank, similar to requirements stated in the Criminal Procedure Code.
Regarding retention of information, as the intent of this Bill is to collect more data to improve investigations, can Minister clarify the rationale for the default expungement of suspects’ information in cases of No Further Action under clause 35(3)?
I ask this as the clause appears to be counterintuitive since volunteers, who have a weaker connection to a case compared to suspects, are required to apply to the Police for removal of his/her data under clause 37(2).
Expand Uses of DNA Information
I note that clause 32 of the Bill sets out the usage of DNA information for limited purposes. Notwithstanding, can Minister explain what are “other purposes” under clause 32(h) that may be prescribed?
The Bill also proposes the sharing of DNA results of convicted criminals with foreign LEAs when assessed necessary. This expands the current regime where registrable information such as fingerprints are already shared. As a safeguard, the foreign LEA will need to provide an undertaking to safekeep the data, limit its uses and destroy it upon conclusion.
Notwithstanding that these persons have been convicted, given that DNA information is more sensitive compared to fingerprints, can Minister clarify if criteria to assess necessity for sharing will be made more stringent than current?
Also, considering varying levels of cybersecurity infrastructure across jurisdictions, as well as difficulties of monitoring foreign LEAs, can Minister share how compliance with the undertaking by foreign counterparts will be ensured?
Safeguards on the Storage of Information
The Bill also introduces a new category of ‘eligible crimes’, expanding the current scope of crimes eligible for information to be collected. Per clause 2(d) of the Bill, these are defined as any offence punishable with imprisonment, except those compoundable.
With the foreseeable increase in the size and sensitivity of data collected, retained, and used, I am encouraged that the Bill will legislate safeguards for the handling of information, such as having persons accessing the databases to be screened and authorised by the Police. It follows that with greater powers come greater responsibilities to further strengthen trust in our LEAs.
Some of our agencies have unfortunately been impacted by data leakage due to cybersecurity attacks. Going forward the world is seeing more cybersecurity threats which are also become increasingly sophisticated. As we continue to build our capabilities, we must be wary that what has happened can occur again.
DNA samples, I understand, are collected on blotter card but the data analysed are stored on computer databases which could be subject to the cybersecurity threats I mentioned earlier. Given this, can Minister clarify the existing data security safeguards, their effectiveness, and proposed enhancements that are implemented and therefore to be put in place to provide greater public assurance?
Without being overly technical, will measures recommended by our Public Sector Data Security Review Committee, such as Digital Watermarking, Encryption, Tokenisation and Multi-Party Authorisation, be deployed or further enhanced to strengthen cybersecurity?
Conclusion
Mdm Deputy Speaker, in conclusion, data is the new currency in this day and age. Through the use of data, our LEAs must send the message to potential criminals that they will be caught.
But it is also that we balance the expanded collection, retention, and usage of personal information with safeguards in data privacy and security. In this way, public trust amongst our LEAs can be upheld.
I am confident that this Bill will enable our officers to continue keeping Singapore safe and secure. I stand in support of this Bill.
Thank you.
Watch the speech here.