Ministers overseeing agencies involved in NRIC saga have to bear overall responsibility: SM Teo

Prime Minister Lawrence Wong will take the NRIC incident into account when evaluating the ministers in charge of the government agencies involved, said Senior Minister Teo Chee Hean on March 6.

Highlighting the importance of accountability, he said the officers and senior management involved in missteps that led to the disclosure of full NRIC numbers on a government business portal could face a range of “appropriate measures”, from counselling to retraining and reductions in their performance grade and performance-based payments.

SM Teo told Parliament that the political office-holders overseeing the Accounting and Corporate Regulatory Authority (Acra) and Ministry of Digital Development and Information (MDDI) have to bear overall responsibility for the organisations under their charge.

Digital Development and Information Minister Josephine Teo and Second Minister for Finance Indranee Rajah have publicly accepted this responsibility and apologised for the incident, he said in a ministerial statement on the matter.

“The Prime Minister will take into account this incident in his evaluation of the Ministers,” he added.

His statement comes after a review panel investigated the incident that took place on Dec 9, 2024, and found lapses in the process and communication between Acra and MDDI.

SM Teo told Parliament that trust in the public service is essential, and maintaining that trust is central to how the Government operates.

“When things go wrong, we are upfront with Singaporeans on where we have fallen short. We conduct thorough reviews and make improvements to our systems and processes to serve Singaporeans better while remaining fair to our officers,” he added.

“This recent incident, while regrettable, demonstrates the Government’s commitment to continuous improvement, to uphold the trust Singaporeans have placed in us.”

He said that while the review found there was no malicious or wilful wrongdoing by the officers involved, “there were inadequacies in their judgment and actions”.

On their part, the ministers have to bear overall responsibility, “regardless of whether they had specific or direct responsibility for the actions that led to the shortcomings that occurred”, he added.

In its report released on March 3, the review panel flagged six instances where the agencies could have done better, including clearer communication from MDDI.

The ministry was unclear in its policy communications issued to various agencies on the Government’s plans to end the use of NRIC numbers for authentication, leading to the confusion, which resulted in full NRIC numbers being disclosed on Acra’s Bizfile portal.

Officers involved in the shortcomings include those whose actions contributed directly to the shortcomings, as well as senior management who were responsible for providing oversight and guidance to the officers, said SM Teo in a ministerial statement on the review.

The review panel on Feb 25 submitted its report for review by SM Teo, who is also Minister-in-charge of Public Sector Data Governance. He accepted the findings and reported them to Prime Minister Lawrence Wong the next day.

The permanent secretaries of the Smart Nation and Digital Government Office (now under MDDI) were responsible for implementing the policy, while the Acra chief executive was responsible for the design and implementation of the new Bizfile portal, SM Teo added.

He clarified that the review was not a disciplinary process and that any disciplinary action levelled at the officers, if warranted, will need to be carried out by the respective public agencies involved.

SM Teo said the public service holds its officers to a high standard of conduct.

“Singaporeans deserve and expect this,” he said. “Given the range and complexity of public services, from time to time, mistakes will be made. If there is misconduct or malicious intent, we will deal with it severely and those involved will be punished.”

Where there was no malicious or wilful wrongdoing, due consideration should be given to whether the officers had acted in good faith in deciding on what action to take, SM Teo said. 

He added that the incident offers valuable lessons for the wider public service that agencies must take on board, to avoid similar incidents from recurring.

“This Bizfile incident demonstrates that close coordination and careful attention to detail are required. Sometimes it is a single lapse, but at other times, it can be a confluence of factors that can lead to such incidents,” he said.

The review panel, led by head of civil service Leo Yip, said the shortcomings included security lapses at Acra that contravened the Government’s internal data management rules, and unclear communication between Acra and MDDI.

The panel was also critical of the agencies’ public communication and response to public concerns, which it said should have been better coordinated and clearer.

“In hindsight, the Government should have made clear to the public at the outset that moving away from the use of partial NRIC numbers did not automatically mean using full NRIC numbers in every case, or disclosing them on a large scale,” the panel said.

Mrs Teo, Ms Indranee and Acra chief executive Chia-Tern Huey Min held a press conference on Dec 19, 2024, to address concerns and questions about the incident.

By sharing full NRIC numbers, Acra was also found to have contravened the Government’s internal code, called IM8, a set of instructions that govern how public agencies use and disclose citizens’ data.

The public sector’s personal data protection standards in the Public Sector (Governance) Act and IM8 are aligned with the Personal Data Protection Act but have been adapted to the public service context.

Existing laws do not prescribe financial penalties for public agencies that contravene the IM8 rules, said SM Teo, adding that the officers responsible will instead face other measures, including retraining and impact on their performance grade.

Source: The Straits Times © SPH Media Limited. Permission required for reproduction.

Ministers Shanmugam, Tan See Leng say parts of Bloomberg article calculated to disparage them New charges for 3 men allegedly linked to servers that likely contained Nvidia chips