New NRIC Guidelines Enforced
Today’s digital world is stepping up its security measures. From 1st
September, it will be illegal for companies to collect NRIC numbers or make copies of identify cards unless legally required or deemed a necessity under the NRIC guidelines
spelt out by the Personal Data Protection Commission (PDPC)
. Organisations that have collected NRIC numbers without complying to these guidelines will have to dispose them under the Personal Data Protection Act (PDPA)
. Failure to do so will result in monetary penalties of up to S$1 million, incurring both financial losses and damage to brand reputation.
This comes at a time when collecting NRIC numbers indiscriminately sets the scene for major security violations such as identity theft
or fraud in today’s cyber world—a world filled with data mongers
As consumers and governments become more conscious of fraudulent data usage, organisations should habitually review their data protection practices to ensure compliance with the PDPC or General Data Protection Regulation (GDPR)
. In an environment filled with security loopholes, organisations can adopt simple habits to safeguard themselves against any data breach
, including nurturing employee sensitivity regarding vulnerable areas. These include regular refresher courses and cultivating a culture of information security within the office
through enforcing certain routines, such as clearing desks efficiently
and properly storing electronic devices or confidential files at day’s end. For a more comprehensive approach, organisations can implement a Shred-it All
Policy to securely destroy obsolete documents.
Individually, one can exercise vigilance by setting strong passwords on all accounts and devices, be wary of making transactions over public or unsecured Wi-Fi connections, and consistently destroy paper documents
containing sensitive information, including bank statements.
If there is a data breach, it is imperative to know how to minimise losses and repercussions. At the organisational level, it is important to derive the breach’s root cause and be transparent with affected customers
, resolving the issue as quickly as possible and issuing formal apologies. Doing so creates a sense of responsibility and accountability on the company’s part, which minimises brand reputation damages and thus, financial losses. If your personal information has been compromised in a breach, you should change all affected passwords and disable all affected credit cards or accounts if necessary. File a police report if needed.
NRICs or relevant identification numbers are unique and characteristic of an individual. If they fall into the wrong hands, a series of undesirable events or outcomes can ensue. Always tread carefully when giving out private and potentially vulnerable information.
Start Protecting Your Business
An organisation that integrates data protection into its business processes can reduce any data breach risk and PDPA non-compliance. Learn more about how Shred-it can protect your documents
us for a free quote and security risk assessment.