Changes to NRIC data handling will follow public feedback, with emphasis on consent and protection.
The Personal Data Protection Commission (PDPC) in Singapore will issue new advisory guidelines on the use of National Registration Identity Card (NRIC) numbers, reflecting a change in the government’s position on their privacy. The updated guidelines will be released after a public and industry consultation, though the timeline for this process remains unclear.
Key Considerations for Organisations
While the government has adjusted its stance on the confidentiality of NRIC numbers, organisations are still prohibited from collecting, using, or disclosing NRIC numbers or making copies of them unless mandated by law.
The PDPC stressed that despite these changes, NRIC numbers will continue to fall under the Personal Data Protection Act (PDPA), meaning organisations must still obtain valid consent for collecting and using this data. They are also required to comply with reasonable use standards and ensure the protection of the information they collect.
Previous Enforcement Actions
The PDPC has previously taken action against companies that used NRIC numbers for authentication purposes, which violated their data protection obligations. These actions underscore the importance of adhering to data privacy standards, particularly as new guidelines are developed.
In conclusion, while the PDPC is adjusting its view on NRIC data, organisations must continue to act in accordance with data protection principles, ensuring that the data is used responsibly and securely.
