Be aware of scammers impersonating as IMDA officers and report any suspicious calls to the police. Please note that IMDA officers will never call you nor request for your personal information. For scam-related advice, please call the Anti-Scam helpline at 1800-722-6688 or go to www.scamalert.sg.

  1. IMDA
  2. Resources
  3. Press Releases, Factsheets and Speeches
  4. Archived
  5. IMDA Archived
  6. PDPC Issues NRIC Advisory Guidelines to Protect Consumers

PDPC Issues NRIC Advisory Guidelines to Protect Consumers

31 AUG 2018 | 4 mins read

PDPC Issues NRIC Advisory Guidelines to Protect Consumers - Organisations must implement changes by 1 September 2019

SINGAPORE – 31 August 2018: The Personal Data Protection Commission (PDPC) today issued advisory guidelines to protect consumers’ National Registration Identity Card (NRIC) information.

Under PDPC’s new NRIC Advisory Guidelines, organisations are not allowed collect, use or disclose NRIC and other national identification numbers, unless required by law or if necessary to accurately establish or verify an individual’s identity. Physical NRICs can only be retained if required by law.

These Advisory Guidelines also apply to other national identification numbers are Foreign Identification Numbers and Work Permit numbers issued by the Singapore Government for long-term or employment passes in Singapore, as well as Birth Certificate numbers. The Advisory Guidelines were developed with feedback from PDPC’s public consultation in 2017[1], which saw strong support from both consumers and businesses. The PDPC expects all organisations to implement the changes before 1 September 2019.

As the NRIC number is a permanent and irreplaceable identifier that can be used to unlock large amounts of an individual’s information, its collection, use and disclosure is of especial concern to the PDPC. Indiscriminate or negligent handling increases the risk of unintended disclosure which can result in illegal activities such as identity theft and fraud, a growing concern in today’s Digital Economy.

To ensure that businesses’ operations or ability to innovate are not impeded, the PDPC and the Infocomm Media Development Authority (IMDA) worked with service providers to offer assistance to help organisations make the transition. These measures include:

  • Pre-approved technology solutions including visitor management and customer relationship management systems, to help organisations automate and align their operations with the NRIC Advisory Guidelines[2];
  • A technical guide[3] for organisations enhancing IT systems to make use of alternatives to NRIC numbers as an identifier; and
  • Template notices[4] that organisations can use to manage customer expectations during the transition period.

Organisations collecting, using or disclosing NRIC numbers (or copies of NRIC), even where permitted under the Advisory Guidelines, are expected to ensure that adequate protection measures are in place to safeguard the personal data in their possession. Organisations could consider employing technological solutions, such as scanning the bar code on a NRIC and automatically generating a hash of the NRIC number which is then stored and used as a unique identifier, instead of storing NRIC numbers in the clear.

Full details of the Advisory Guidelines can be found on www.pdpc.gov.sg/AG.

 

Annex A: Factsheet on Summary of Advisory Guidelines on NRIC and Other National Identification Numbers

ISSUED BY THE PERSONAL DATA PROTECTION COMMISSION

About Personal Data Protection Commission

The PDPC administers the Personal Data Protection Act 2012 (PDPA) in Singapore, which aims to safeguard individuals’ personal data against misuse and promote proper management of personal data in organisations. The PDPA enhances Singapore’s competitiveness and strengthens our position as a trusted business hub, putting Singapore on par with the growing list of countries with data protection laws. For more information, please visit www.pdpc.gov.sg.

 

For media queries, please contact:

Mr Eugene Neubronner

Manager, Communications and Marketing

Personal Data Protection Commission

c/o Info-communications Media Development Authority

Tel: 6211 1182

E-mail: eugene_neubronner@imda.gov.sg

 

Mr Chua Hian Hou

Deputy Director, Communications and Marketing

Personal Data Protection Commission

c/o Info-communications Media Development Authority

Tel: 6202 4956

E-mail: chua_hian_hou@imda.gov.sg


[1] The public consultation closed on 18 December 2017 with 82 responses from individuals and organisations from various sectors, including retail, media and finance. Please refer to the PDPC’s Closing Note for more information on the consultation.

[2] For more information on the pre-approved solutions, please visit: CTO-as-a-Service

[3] The technical guide can be found at www.pdpc.gov.sg/og

[4] The template notices can be found at www.pdpc.gov.sg/org-resources

 

LAST UPDATED: 13 MAR 2023

Explore more

Related Programmes

5G Academy
Programme

5G Academy

The Singapore 5G & Telecoms Academy offers training courses focused on 5G and other emerging technologies such as the internet...

5G Grant
Programme +1
  • Grant

5G Grant

IMDA is looking to support 5G use cases in the four strategic clusters of (i) Maritime Operations; (ii) Urban Mobility; (iii...

5G Innovation
Digital Solution +1
  • Programme

5G Innovation

Globally acknowledged to be the next big leap in mobile and wireless communications, 5G technology is widely touted to enable...

View all programmes