Usage Rate for TraceTogether Token and Protection of Users' Data Submitted via Token
Prime Minister's OfficeSpeakers
Summary
This question concerns the adoption of TraceTogether tokens and the security protocols safeguarding personal data within the TraceTogether and SafeEntry systems. Mr Desmond Choo inquired about utilization rates and data protections, to which Senior Minister Teo Chee Hean responded that 101,000 tokens have been issued, with total program participation reaching half the population. He detailed that encrypted data is stored locally on devices for 25 days before automatic deletion, and distribution is expanding to all Community Centres. He further noted that access is restricted to authorized officers for contact tracing, with the Public Sector Governance Act imposing strict penalties, including fines and imprisonment, for any unauthorized disclosure or data misuse.
Transcript
88 Mr Desmond Choo asked the Prime Minister (a) what is the projected and actual utilisation rate so far for the TraceTogether token; and (b) how will the Ministry safeguard personal data collected from TraceTogether and SafeEntry in light of the users' privacy concerns stemming from the increased risk of cyber-attacks.
Mr Teo Chee Hean (for the Prime Minister): As of 28 September, we have issued about 101,000 TraceTogether Tokens to members of the public. We will progressively expand the distribution across Singapore so that anyone who wants a TraceTogether Token can collect one from a Community Centre nearest their home.
The purpose of the Token is to boost overall community participation in the TraceTogether Programme, particularly for those who are not able to download theTraceTogether App. Currently the overall participation (App and Token) rate of TraceTogether Programme is at around half our population, with TraceTogether Programme participants predominantly on the App as community-wide Token distribution had just commenced. The higher the participation rate, the more effective our digital contact tracing efforts, and the safer we can keep ourselves, our loved ones, and our colleagues.
The data collected by the TraceTogether Programme is encrypted and stored only for 25 days on the user's App or Token, after which it is automatically deleted. The encrypted data (of up to 25 days) is kept on the device until the user shares it with MOH for contact tracing in the unfortunate (and hopefully unlikely) circumstance that the user tests positive for COVID-19. Because it is encrypted, even if someone unlawfully extracts the data from the App or the Token, they will not be able to make sense of the data.
Personal data collected from the SafeEntry programme is also encrypted, and will only be accessed by the authorities when needed for the purpose of preventing or controlling the transmission of COVID-19.
The Government is the custodian of the data submitted by individuals, including those from the TraceTogether and SafeEntry programmes, and stringent measures are in place to safeguard this personal data. Only authorised public officers will have access to the data. Under the Public Sector Governance Act, public officers who recklessly or intentionally disclose the data without authorisation, misuse the data for gain, or re-identify anonymised data without authorisation may be found guilty of an offence and may be subject to a fine of up to $5,000 or imprisonment of up to two years, or both.