Stricter rules for NRIC usage from Sept 1 , Latest Singapore News - The New Paper

Stricter rules for NRIC usage from Sept 1

This article is more than 12 months old

Unless required by law, it will be illegal for companies to hold on to an NRIC and collect its full number

Companies have less than a week to comply with stricter rules by Singapore's privacy watchdog governing the use, collection and disclosure of the NRIC and other national identification numbers.

In a statement yesterday, the Personal Data Protection Commission (PDPC) reminded organisations that unless required by law, from Sept 1, it will be illegal to physically hold on to an individual's NRIC and collect its full number.

This also applies to birth certificate numbers, foreign identification numbers and work permit numbers.

The commission had announced changes to the advisory guidelines last year as a result of rampant use of the NRIC.

Details from the NRIC were being used in a range of situations - from people filling out lucky draw coupons and membership applications, to retailers registering customers for parking redemptions.

"NRIC numbers are a permanent and irreplaceable identifier issued by the Singapore Government primarily for public administration purposes and to facilitate transactions with the Government.

"As NRIC numbers can be used to retrieve data relating to individuals, there is a need to reduce indiscriminate or unjustified collection and negligent handling of NRIC numbers," the PDPC said in its statement.

Organisations that have collected the NRIC numbers have been encouraged to assess if they need to retain these numbers and, if not, the commission suggests they dispose of them responsibly and in compliance with the Personal Data Protection Act (PDPA).

The law already prohibits the indiscriminate collection of consumers' personal data and requires organisations to account for its use.


But privacy advocates have argued that NRIC details were still being collected, sometimes for frivolous reasons.

From Sunday, NRIC numbers or copies of the NRIC can be obtained or shared only if they are required by law, such as when subscribing to a new phone line, making a doctor's appointment or checking into a hotel.

NRIC details may also be collected when it is necessary to precisely verify an individual's identity to a high degree of accuracy.

This would include visiting pre-schools or transactions involving healthcare, financial or real estate matters.

Organisations that continue to indiscriminately collect, use or disclose NRIC numbers would be flouting the PDPA, and could incur a financial penalty of up to $1 million.

One company that has made changes to the way it uses the NRIC is security services firm Prosegur Security, which employs about 1,400 security officers in Singapore.

In the past, some of its clients had asked the company to collect the NRIC - either the full number or the card itself - before allowing visitors to enter their premises.

The company now tells its clients that such requests cannot be made and amendments have been made to its standard operating procedures (SOPs).

Mr Vincent Wong, human resource manager at Prosegur Security, said: "Clients generally are also earnest about doing the right thing and are participative in implementing, amending or enforcing SOPs in line with the requirements."