New NRIC Guidelines Enforced

Posted  September 02, 2019  by  Jenny Green


Today’s digital world is stepping up its security measures. From 1st September, it will be illegal for companies to collect NRIC numbers or make copies of identify cards unless legally required or deemed a necessity under the NRIC guidelines[1] spelt out by the Personal Data Protection Commission (PDPC). Organisations that have collected NRIC numbers without complying to these guidelines will have to dispose them under the Personal Data Protection Act (PDPA). Failure to do so will result in monetary penalties of up to S$1 million, incurring both financial losses and damage to brand reputation.
 
This comes at a time when collecting NRIC numbers indiscriminately sets the scene for major security violations such as identity theft or fraud in today’s cyber world—a world filled with data mongers and thieves.
 
As consumers and governments become more conscious of fraudulent data usage, organisations should habitually review their data protection practices to ensure compliance with the PDPC or General Data Protection Regulation (GDPR). In an environment filled with security loopholes, organisations can adopt simple habits to safeguard themselves against any data breach, including nurturing employee sensitivity regarding vulnerable areas. These include regular refresher courses and cultivating a culture of information security within the office through enforcing certain routines, such as clearing desks efficiently and properly storing electronic devices or confidential files at day’s end. For a more comprehensive approach, organisations can implement a Shred-it All Policy to securely destroy obsolete documents.
 
Individually, one can exercise vigilance by setting strong passwords on all accounts and devices, be wary of making transactions over public or unsecured Wi-Fi connections, and consistently destroy paper documents containing sensitive information, including bank statements.
 
If there is a data breach, it is imperative to know how to minimise losses and repercussions. At the organisational level, it is important to derive the breach’s root cause and be transparent with affected customers, resolving the issue as quickly as possible and issuing formal apologies. Doing so creates a sense of responsibility and accountability on the company’s part, which minimises brand reputation damages and thus, financial losses. If your personal information has been compromised in a breach, you should change all affected passwords and disable all affected credit cards or accounts if necessary. File a police report if needed.
 
NRICs or relevant identification numbers are unique and characteristic of an individual. If they fall into the wrong hands, a series of undesirable events or outcomes can ensue. Always tread carefully when giving out private and potentially vulnerable information.
 
Start Protecting Your Business
 
An organisation that integrates data protection into its business processes can reduce any data breach risk and PDPA non-compliance. Learn more about how Shred-it can protect your documents and hard-drives by contacting us for a free quote and security risk assessment.
 
[1] Personal Data Protection Commission. 2018. ADVISORY GUIDELINES ON THE PERSONAL DATA PROTECTION ACT FOR NRIC AND OTHER NATIONAL IDENTIFICATION NUMBERS. [ONLINE] Available at: https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Advisory-Guidelines/Advisory-Guidelines-for-NRIC-Numbers---310818.pdf. [Accessed 23 July 2019].

Request a Quote and Start Protecting Your Business Today!

Fill out the form or call 6787 7777 to start protecting your business today! 

Select Service




Company info

Your info

Additional Info

×