The data collected via SafeEntry is encrypted and stored in the Government server and is retained for 25 days, which is the necessary retention period to support MOH's contact tracing efforts, and will be purged thereafter. It can only be used to carry out or facilitate contact tracing, except when there is a need to use the data for criminal investigations and proceedings into seven categories of serious offences. The data may also be de-identified and aggregated for analytics purposes.
There are stringent measures in place to safeguard the personal data. Only authorised public officers will have access to the data. Under the Public Sector Governance Act, public officers who recklessly or intentionally disclose the data without authorisation, misuse the data for a gain, or re-identify anonymised data may be found guilty of an offence and may be subject to a fine of up to $5,000 or imprisonment of up to 2 years, or both.