SINGAPORE: Public service officers who were involved in last year’s Bizfile incident should be dealt with fairly despite the public nature of the issue, Senior Minister Teo Chee Hean said in parliament on Thursday (Mar 6).

At the same time, accountability is important, even at the level of political office holders overseeing the Accounting and Corporate Regulatory Authority (ACRA) and the Ministry of Digital Development and Information (MDDI), he added.

Political office holders have overall responsibility for the organisations under their charge, regardless of whether they had specific or direct responsibility for the actions that led to the shortcomings, the senior minister said.

Mr Teo gave a ministerial statement about full National Registration Identity Card (NRIC) numbers being displayed in search results on the ACRA's Bizfile portal last December.

“Both Ministers Josephine Teo and Indranee Rajah have publicly accepted this overall responsibility and also apologised for what had happened,” said Mr Teo, adding that Prime Minister Lawrence Wong will take this incident into account in his evaluation of the ministers.

A review panel tasked to look into the incident released its report on Monday and said it found no "deliberate wrongdoing or wilful inaction" by the government officers involved. But it flagged a "confluence" of six shortcomings that led to the incident.

Following Mr Teo's ministerial statement, MP Jessica Tan (PAP-East Coast) and MP Tin Pei Ling (PAP-MacPherson) asked about whether the penalties could lead to public officers being overly cautious and about striking a balance so that staff can still make calculated risks.

Ms Tan said there needs to be a balance between proper handling of personal data by government agencies, and being too afraid to move forward because of the incident.

“What will be done across government to help our officers really move forward and be able to make that right judgment call?” she asked.

In response, Mr Teo said there is always a possibility that people become overly careful, and that is why it is important to identify shortcomings clearly.

“Don’t go in with a big bazooka and flatten everybody,” he said, adding that individuals who are responsible have to be held accountable, but in a way that is well-balanced and fair. 

“This is the approach that we take and which we will continue to do,” he said.

Ms Tin said a balance needs to be struck between disciplining officers to strengthen public trust and encouraging officers to take calculated risks when necessary.

“From the report, I feel a bit worried that are we going to hammer them too much, because that may not be sending the right signal to the broader public service,” she said. 

Mr Teo, in his reply, reiterated the need to deal with officers fairly and in accordance with the public sector’s disciplinary processes so that the public service “will continue to do all the things that they need to do … including taking calculated risks”. 

“We should not come down like a ton of bricks on officers on issues like these, even if they have become public and have caused public anxiety,” said the senior minister.

LESSONS "MUST BE LEARNT AND INTERNALISED"

In his ministerial statement, Mr Teo recapped the incident and the actions taken by the government, as well as reiterated why the government saw the need to move away from the use of partial NRIC numbers.

Noting that he agreed with the review panel’s findings, he said the incident demonstrates that close coordination and careful attention to detail are needed when updating policies and practices.

“Sometimes it is a single issue, but at other times, it can be a confluence of factors that can lead to such incidents,” said Mr Teo.

Apart from the political office holders, Mr Teo reiterated that the permanent secretaries of the former Smart Nation and Digital Government Office (SNDGO) and MDDI, as well as the chief executive of ACRA are also responsible.

Mr Teo said the review was not a disciplinary process, and that any disciplinary action would be taken in accordance with applicable frameworks and processes in the respective public agencies.

He also said the cost of any financial penalties against ACRA would not be meaningful because they would “ultimately have to be borne by the public purse”. 

The Public Service Division, MDDI and ACRA have taken into account the review panel’s findings, and reviewed the roles, responsibilities and actions of the relevant officers involved.

The agencies have assessed that there were “inadequacies” in the officers’ judgement and actions, and “appropriate measures are being taken against them”, said the senior minister.

These measures range from counselling to retraining to reductions in performance grade, which will carry financial consequences such as a reduction in their performance-based payments.

Mr Teo said the lessons from the incident “must be learnt and internalised, not only by the officers involved or their agencies, but by the public service as a whole, so that they are not repeated”.

Noting the need to maintain trust in the public service, he added: "When things go wrong, we are upfront with Singaporeans on where we have fallen short.

"We conduct thorough reviews and make improvements to our systems and processes to serve Singaporeans better, while remaining fair to our officers.

"This recent incident, while regrettable, demonstrates the government’s commitment to continuous improvement, to uphold the trust that Singaporeans have placed in the government and the public service," he said.

NO SALE OF NRIC NUMBERS ON DARK WEB

Citing how the Bizfile portal received more than 500,000 searches for NRIC numbers over five days in December, MP Gerald Giam (WP-Aljunied) asked if the government has been monitoring, including on the dark web, for the sale of NRIC numbers that may have potentially been exfiltrated during this period.

Likewise, Non-Constituency MP Leong Mun Wai (PSP) wanted to know if there was evidence to indicate a compromise of full NRIC numbers “on a large scale”.

In his responses, Mr Teo said the government monitors the dark web for a variety of things, including the Bizfile incident, and has not seen any sale of NRIC numbers.

The idea that full NRIC numbers are compromised also “starts from the wrong basis”, he said.

“The fact that somebody knows your NRIC number doesn't mean that it's compromised. Your NRIC number is supposed to be known by those people who need to know it and so you must expect that your NRIC number is known to quite a few others, and that's why it should not be used as an authenticator,” Mr Teo said.

MP Sylvia Lim (WP-Aljunied) sought clarification on the accountability of ministers, noting that the prime minister also holds the portfolio of the Finance Ministry, which oversees ACRA.

“I found what (Mr Teo) said about the overall accountability of ministers very interesting. He mentioned that the two ministers involved would have this incident taken into account by the prime minister in his assessment of the overall performance,” said Ms Lim.

“But the fact is that the prime minister is the minister for finance and ACRA is a (statutory) board within the Ministry of Finance, so how does that work, as far as the prime minister is concerned, because he's also overall responsible for ACRA in that sense.”

Mr Teo replied: "On the part of the prime minister's responsibility, well, the prime minister is responsible for everything.

"But he delegates his responsibilities to ministers, who are responsible for ministries, agencies and functions, and so that is part of the prime minister's role.

"If the prime minister tried to be responsible for everything, he would not be able to function at all, and one of the responsibilities of the prime minister is to know when he should delegate and when he should intervene."