%22%3E%0A%3Cpath%20d%3D%22M412%20101.2H393.7C393.1%20101.2%20392.3%20100.9%20391.8%20100.5C377.3%2087.6004%20362.9%2074.6004%20348.4%2061.6004C344.8%2058.4004%20341.3%2055.2004%20337.7%2052.0004C337.1%2051.5004%20336.2%2051.1004%20335.5%2051.0004C334.2%2050.8004%20333%2051.0004%20331.5%2051.0004V101.1H316.7V0.100391H331.4V44.3004C331.9%2044.3004%20332.2%2044.4004%20332.5%2044.4004C334.9%2044.4004%20337.2%2044.5004%20339.6%2044.4004C340.4%2044.4004%20341.3%2044.0004%20341.8%2043.5004C351.6%2034.4004%20361.4%2025.2004%20371.1%2016.0004C376.5%2010.9004%20381.9%205.90039%20387.3%200.800391C387.9%200.200391%20388.5%200.000390626%20389.3%200.000390626H400.9C384.2%2015.8004%20367.8%2031.3004%20351.2%2047.0004C371.5%2065.0004%20391.8%2082.9004%20412.1%20100.9C412.1%20101%20412.1%20101.1%20412%20101.2ZM180.9%20101.2C184.1%2094.9004%20187.2%2088.9004%20190.3%2082.8004C198.3%2067.3004%20206.2%2051.8004%20214.2%2036.2004C220.3%2024.4004%20226.4%2012.5004%20232.4%200.700391C232.7%200.100391%20233%20-0.0996094%20233.7%20-0.0996094H248.1C248.8%20-0.0996094%20249.2%200.100391%20249.6%200.800391C256%2013.3004%20262.4%2025.7004%20268.8%2038.2004C279.3%2058.6004%20289.8%2079.0004%20300.3%2099.5004C300.5%20100%20300.8%20100.4%20301.1%20101.1C300.5%20101.1%20300.1%20101.2%20299.7%20101.2H286.5C285.6%20101.2%20285.1%20100.9%20284.7%20100.2C280.1%2091.3004%20275.4%2082.4004%20270.8%2073.4004C270.1%2072.1004%20269.3%2071.6004%20267.8%2071.6004H209.9C208.7%2071.6004%20208.1%2072.0004%20207.5%2073.1004C202.9%2082.1004%20198.2%2091.0004%20193.6%20100C193.1%20101%20192.6%20101.3%20191.5%20101.3C188.4%20101.2%20185.3%20101.3%20182.3%20101.3C182%20101.2%20181.6%20101.2%20180.9%20101.2ZM239.1%2011.4004C230%2029.2004%20221.1%2046.7004%20212.1%2064.3004H266.4C257.2%2046.7004%20248.2%2029.2004%20239.1%2011.4004ZM0%200.000390626H43.4C51.2%200.000390626%2058.7%201.20039%2065.7%204.80039C75.9%2010.0004%2078.9%2018.0004%2078.6%2027.4004C78.3%2034.3004%2076%2040.5004%2071.2%2045.5004C67.3%2049.6004%2062.4%2052.3004%2057.1%2054.3004C50.6%2056.7004%2043.9%2058.0004%2037.1%2058.6004C30.1%2059.2004%2023.1%2059.4004%2016.2%2059.7004C15.8%2059.7004%2015.3%2059.8004%2014.8%2059.8004V101.1H0.1C0%2067.4004%200%2033.8004%200%200.000390626ZM14.8%207.10039V52.2004C23.7%2052.4004%2032.6%2052.3004%2041.2%2050.1004C44.4%2049.3004%2047.6%2048.2004%2050.6%2046.7004C58.4%2043.0004%2062.3%2036.7004%2062.7%2028.0004C63%2019.9004%2059.5%2014.1004%2052.4%2010.5004C47.6%208.00039%2042.5%207.10039%2037.2%207.10039H14.8ZM95.9%20101.1V0.100391H167.3V7.20039H110.7V44.7004H158.1V51.9004H110.8V93.9004H171.1V101C146.1%20101.1%20121%20101.1%2095.9%20101.1Z%22%20fill%3D%22black%22%2F%3E%0A%3Cpath%20d%3D%22M35.0004%2025.7996H42.5004V20.6996H44.8004V33.1996H42.6004V27.5996H34.9004V33.2996H32.7004V20.7996H35.0004V25.7996ZM54.4004%2025.8996V27.2996H48.9004V31.6996H55.9004C55.9004%2032.1996%2056.0004%2032.5996%2056.0004%2033.0996H46.5004V20.5996H55.5004V21.8996H49.0004V25.7996C50.7004%2025.8996%2052.5004%2025.8996%2054.4004%2025.8996ZM25.9004%2033.0996H23.5004V21.9996H17.9004V20.6996H31.6004V22.0996H27.1004C26.2004%2022.0996%2025.9004%2022.2996%2025.9004%2023.1996C26.0004%2026.0996%2025.9004%2028.9996%2025.9004%2031.7996V33.0996Z%22%20fill%3D%22black%22%2F%3E%0A%3C%2Fg%3E%0A%3Cdefs%3E%0A%3CclipPath%20id%3D%22clip0_388_462%22%3E%0A%3Crect%20width%3D%22411%22%20height%3D%22101.2%22%20fill%3D%22white%22%2F%3E%0A%3C%2FclipPath%3E%0A%3C%2Fdefs%3E%0A%3C%2Fsvg%3E%0A)
For Josh Lee Kok Thong, Singapore’s effortless digital habits obscure a real issue
The managing director of the Future of Privacy Forum shows how standards, education and inquisitive leadership can shift Singapore from reactive compliance to confident capability.
By Lyn Chan /
Share this article
Scroll, tap, swipe. Singaporeans are among the world’s most connected people. Phones, payment apps, and artificial intelligence (AI) chat tools are integral to daily life.
Yet, that comfort, says Josh Lee Kok Thong, managing director (APAC) of the Future of Privacy Forum (FPF) and adjunct lecturer at the Singapore Management University, can be deceptive. Many, he reveals, are “digitally familiar, not digitally savvy” — able to use technology with ease but not as aware of how it actually works.
Lee first saw this in his law classroom. Students could move effortlessly between online platforms but struggled to explain where their data went or how it might be used. That gap between use and understanding, Lee believes, is where vulnerability begins.
Mistaking familiarity for expertise breeds a misplaced sense of confidence. The problem is psychological as much as technical. People who consider themselves savvy assume they’re less likely to fall for scams. Or worse, bask in the complacency of immunity. That assurance encourages risky behaviour: clicking unknown links, sharing personal information or trusting default settings.
“Lowering your guard invites exploitation”
A 2022 survey by the National University’s Institute for the Public Understanding of Risk found that Singaporeans under 25 were more susceptible to scams than those over 65, despite their digital fluency.
Researchers linked the pattern to “optimism bias”, the belief that misfortune happens to others. “It’s a classic blind spot,” Lee says. “In the digital world, that bias scales faster than ever.”
Lee argues that the same assumption pervades corporate life. Many leaders equate digital fluency with organisational readiness just because their employees are comfortable with Slack or Teams. But readiness isn’t the same as competence,” he emphasises.
He goes on to caution: “Lowering your guard invites exploitation. And that applies as much to institutions as it does to individuals.”
The consequences can be severe. In February 2024, an employee at Arup, a British engineering firm, was duped by a deep-faked video call into transferring HKD$200 million (about $33.5 million) to fraudsters. The year before, Samsung engineers accidentally uploaded internal source code to a public generative-AI platform, prompting a company-wide ban on such tools.
“These aren’t rookie mistakes,” Lee says. “They happened in large, well-resourced organisations.” The underlying problem, he adds, is not ignorance but the absence of structured governance.
He points to several common weaknesses: reliance on off-the-shelf digital systems whose data origins are not always clear; inadequate staff training on responsible AI use; and procurement decisions made without a full grasp of data-handling implications.
“Without those fundamentals, you can’t claim to be digitally prepared,” he asserts. And when incidents occur, the fallout is invariably measured in trust and confidence, “the fragile currency of today’s data economy”.
Building credible standards
Restoring that confidence requires more than reactive compliance. Singapore’s Infocomm Media Development Authority has introduced the Privacy-Enhancing Technologies (PETs) Guide and the Singapore Standard 714 to provide businesses with practical tools for responsible innovation.
The PETs Guide provides guidance on privacy-enhancing techniques such as federated learning, homomorphic encryption and secure multi-party computation. At the fundamental level, it’s like learning from, or being able to use, information without actually seeing it, explains Lee.
Singapore Standard 714, meanwhile, embeds data-protection-by-design principles across a product’s life cycle. Together, the two frameworks signal a shift from policy intent to operational practice.
“They move the conversation from compliance to capability,” Lee says, showing that responsible data use and innovation can reinforce each other.
Such standards also help Singapore differentiate itself internationally. As data governance becomes a condition for trade and investment, the ability to demonstrate accountable innovation is emerging as a competitive edge.
“Global investors and partners look for ecosystems that can safeguard data,” Lee says. “That’s where Singapore can lead.”
Regulation can only go so far. “The law sets the outer boundaries,” he says, but adds that awareness and the right mindsets must develop within organisations and society. Without understanding why privacy and governance matter, compliance risks become a checklist exercise.
Many people appreciate the risks only after seeing how easily information flows across systems. Lee notes that once they realise how easily data can be combined and repurposed, “you begin to understand why guardrails are needed”.
From compliance to curiosity
In Lee’s view, education remains the most durable defence. True digital competence is not about coding but curiosity — asking how an app makes money, what data it collects, and who can see it. He urges boards to adopt the same inquisitiveness.
“If boards don’t understand the systems they’re buying, they can’t set meaningful oversight,” he states. “Governance must be informed, not delegated.”
That shift in mindset will determine how societies adapt to the next wave of data-driven tools. Digital adoption, he warns, is accelerating faster than comprehension. “Unless awareness keeps pace, convenience will continue to masquerade as competence.”
Lee is realistic but hopeful. “We can’t afford to treat technology as magic,” he says. “Once we look under the hood, we realise that confidence isn’t automatic — it’s something we have to build and maintain.”
For now, Singapore’s new standards and growing emphasis on public data awareness offer a pragmatic path forward: not slower innovation, but smarter risk management. “If we want a trusted digital ecosystem,” he says, “we have to start with informed people and accountable systems. Everything else follows from that.”