Unauthorised disclosure and improper use of information
7.—(1)  If —
(a)an individual discloses, or the individual’s conduct causes disclosure of, information under the control of a Singapore public sector agency to another person (whether or not a Singapore public sector agency);
(b)the disclosure is not authorised by any data sharing direction given to the Singapore public sector agency;
(c)the individual is a relevant public official of the Singapore public sector agency at the time of the disclosure; and
(d)the individual does so —
(i)knowing that the disclosure is not in accordance with that direction; or
(ii)reckless as to whether the disclosure is or is not in accordance with that direction,
the individual shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $5,000 or to imprisonment for a term not exceeding 2 years or to both.
(2)  In proceedings for an offence under subsection (1), it is a defence for the defendant to prove, on a balance of probabilities, any of the following:
(a)the information under the control of the Singapore public sector agency was, at the time of its disclosure by the defendant, generally available information;
(b)the defendant disclosed or caused the disclosure of information under the control of a Singapore public sector agency —
(i)as permitted or required by or under an Act or other law (apart from this Act);
(ii)as authorised or required by an order of court; or
(iii)in any other circumstances, or for any other purpose, prescribed.
[40/2020]
(3)  If —
(a)an individual makes use of information under the control of a Singapore public sector agency (A);
(b)the use is not authorised by any data sharing direction given to A;
(c)the individual is a relevant public official of A or another Singapore public sector agency at the time of the use;
(d)the individual does so —
(i)knowing that the use is not in accordance with such a data sharing direction; or
(ii)reckless as to whether the use is or is not in accordance with such a data sharing direction; and
(e)the individual as a result of that use —
(i)obtains a gain for the individual or another person;
(ii)causes harm to another individual; or
(iii)causes a loss to another person,
the individual shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $5,000 or to imprisonment for a term not exceeding 2 years or to both.
[40/2020]
(4)  If —
(a)an individual makes use of information (other than personal data) under the control of a Singapore public sector agency (A);
(b)the use is not authorised by A;
(c)the individual is —
(i)a contractor supplying goods or services to A or to another Singapore public sector agency; or
(ii)an employee of a person who is a contractor supplying goods or services to A or to another Singapore public sector agency;
(d)the individual does so —
(i)knowing that the use is not authorised by A; or
(ii)reckless as to whether the use is or is not authorised by A; and
(e)the individual, as a result of that use —
(i)obtains a gain for the individual or another person;
(ii)causes harm to another individual; or
(iii)causes a loss to another person,
the individual shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $5,000 or to imprisonment for a term not exceeding 2 years or to both.
[40/2020]
(5)  In proceedings for an offence under subsection (3) or (4), it is a defence for the defendant to prove, on a balance of probabilities, any of the following:
(a)that the information under the control of A that was used was, at the time of its use, generally available information;
(b)the defendant used the information under the control of A —
(i)as permitted or required by or under an Act or other law (apart from this Act);
(ii)as authorised or required by an order of court; or
(iii)in any other circumstances, or for any other purpose, prescribed.
[40/2020]
(6)  To avoid doubt, subsection (2) or (5) does not affect any obligation or limitation imposed on, or prohibition of, the disclosure or use of information under the control of a Singapore public sector agency by or under any other written law or other law.
[40/2020]
(7)  In this section —
“disclose”, in relation to information, includes provide access to information;
“gain” means —
(a)a gain in property or a supply of services (whether temporary or permanent); or
(b)an opportunity to earn remuneration or greater remuneration or to gain a financial advantage otherwise than by way of remuneration;
“generally available information” means information that consists of readily observable matter, including information that consists of deductions, conclusions or inferences made or drawn from readily observable matter;
“harm”, in relation to an individual, means —
(a)any physical harm; or
(b)harassment, alarm or distress caused to the individual;
“loss” means —
(a)a loss in property or a supply of services, whether temporary or permanent; or
(b)a loss of an opportunity to earn remuneration or greater remuneration or to gain a financial advantage otherwise than by way of remuneration,
but excludes, in relation to an individual, the loss of personal data about the individual;
“personal data” has the meaning given by section 2(1) of the Personal Data Protection Act 2012;
“relevant public official”, for a Singapore public sector agency, means —
(a)an officer of the Singapore public sector agency;
(b)a member of a Group 1, Group 2 or Group 3 public body which is that Singapore public sector agency, or of the governing body of such a public body; or
(c)the chief executive of a Group 1, Group 2 or Group 3 public body which is that Singapore public sector agency.
[40/2020]
Unauthorised re-identification of anonymised information
8.—(1)  If —
(a)an individual takes any action to re-identify or cause re‑identification of the person to whom anonymised information under the control of a Singapore public sector agency relates;
(b)the re-identification is not authorised by any data sharing direction given to the Singapore public sector agency;
(c)the individual is a relevant public official of the Singapore public sector agency at the time of taking that action; and
(d)the individual does so —
(i)knowing that the re‑identification is not authorised by that data sharing direction; or
(ii)reckless as to whether the re‑identification is or is not authorised by that data sharing direction,
the individual shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $5,000 or to imprisonment for a term not exceeding 2 years or to both.
(2)  In proceedings for an offence under subsection (1), it is a defence to the charge for the accused to prove, on a balance of probabilities, that —
(a)the information on the identity is publicly available;
(b)the action to re-identify or cause re-identification is —
(i)permitted or required by or under an Act or other law (apart from this Act);
(ii)authorised or required by an order of court; or
(iii)in any other circumstances, or for any other purpose, prescribed; or
(c)the accused —
(i)reasonably believed that the re‑identification was for a specified purpose; and
(ii)notified either of the following agencies of the re‑identification as soon as was practicable:
(A)the Singapore public sector agency;
(B)the Government Technology Agency.
[40/2020]
(3)  To avoid doubt, subsection (2) does not affect any obligation or limitation imposed on, or prohibition of, the re‑identification of anonymised information under the control of a Singapore public sector agency by or under any other written law or other law.
[40/2020]
(4)  In this section —
“anonymised information” means any information which is in anonymised or de‑identified form;
“Government Technology Agency” means the Government Technology Agency established by section 3 of the Government Technology Agency Act 2016;
“personal data” has the meaning given by section 2(1) of the Personal Data Protection Act 2012;
“relevant public official” has the meaning given by section 7(7);
“specified purpose” means any purpose specified in the Eleventh Schedule to the Personal Data Protection Act 2012.
[40/2020]
Singapore Statutes Online
© 2024 Attorney-General's Chambers of Singapore,
Last updated 27 Apr 2024
Singapore Statutes Online is provided by the Legislation Division of the Attorney-General's Chambers of Singapore.