Last updated: 13 March 2023

Published on: 31 August 2018


PDPC Issues NRIC Advisory Guidelines to Protect Consumers - Organisations must implement changes by 1 September 2019

SINGAPORE – 31 August 2018: The Personal Data Protection Commission (PDPC) today issued advisory guidelines to protect consumers’ National Registration Identity Card (NRIC) information.

Under PDPC’s new NRIC Advisory Guidelines, organisations are not allowed collect, use or disclose NRIC and other national identification numbers, unless required by law or if necessary to accurately establish or verify an individual’s identity. Physical NRICs can only be retained if required by law.

These Advisory Guidelines also apply to other national identification numbers are Foreign Identification Numbers and Work Permit numbers issued by the Singapore Government for long-term or employment passes in Singapore, as well as Birth Certificate numbers. The Advisory Guidelines were developed with feedback from PDPC’s public consultation in 2017[1], which saw strong support from both consumers and businesses. The PDPC expects all organisations to implement the changes before 1 September 2019.

As the NRIC number is a permanent and irreplaceable identifier that can be used to unlock large amounts of an individual’s information, its collection, use and disclosure is of especial concern to the PDPC. Indiscriminate or negligent handling increases the risk of unintended disclosure which can result in illegal activities such as identity theft and fraud, a growing concern in today’s Digital Economy.

To ensure that businesses’ operations or ability to innovate are not impeded, the PDPC and the Infocomm Media Development Authority (IMDA) worked with service providers to offer assistance to help organisations make the transition. These measures include:

  • Pre-approved technology solutions including visitor management and customer relationship management systems, to help organisations automate and align their operations with the NRIC Advisory Guidelines[2];
  • A technical guide[3] for organisations enhancing IT systems to make use of alternatives to NRIC numbers as an identifier; and
  • Template notices[4] that organisations can use to manage customer expectations during the transition period.

Organisations collecting, using or disclosing NRIC numbers (or copies of NRIC), even where permitted under the Advisory Guidelines, are expected to ensure that adequate protection measures are in place to safeguard the personal data in their possession. Organisations could consider employing technological solutions, such as scanning the bar code on a NRIC and automatically generating a hash of the NRIC number which is then stored and used as a unique identifier, instead of storing NRIC numbers in the clear.

Full details of the Advisory Guidelines can be found on


Annex A: Factsheet on Summary of Advisory Guidelines on NRIC and Other National Identification Numbers


About Personal Data Protection Commission

The PDPC administers the Personal Data Protection Act 2012 (PDPA) in Singapore, which aims to safeguard individuals’ personal data against misuse and promote proper management of personal data in organisations. The PDPA enhances Singapore’s competitiveness and strengthens our position as a trusted business hub, putting Singapore on par with the growing list of countries with data protection laws. For more information, please visit


For media queries, please contact:

Mr Eugene Neubronner

Manager, Communications and Marketing

Personal Data Protection Commission

c/o Info-communications Media Development Authority

Tel: 6211 1182



Mr Chua Hian Hou

Deputy Director, Communications and Marketing

Personal Data Protection Commission

c/o Info-communications Media Development Authority

Tel: 6202 4956


[1] The public consultation closed on 18 December 2017 with 82 responses from individuals and organisations from various sectors, including retail, media and finance. Please refer to the PDPC’s Closing Note for more information on the consultation.

[2] For more information on the pre-approved solutions, please visit: CTO-as-a-Service

[3] The technical guide can be found at

[4] The template notices can be found at


Speech by Minister S Iswaran, Minister for Communications and Information, at AI Singapore’s 1st Year Anniversary Event Read the next article

Explore more