Parliament Sitting on 1 October 2018

QUESTION FOR WRITTEN ANSWER


2306. Ms Rahayu Mahzam:
To ask the Minister for Communications and Information in light of the updated Advisory Guidelines issued by the Personal Data Protection Commission for NRIC and other national identification numbers (a) what are the initiatives that will be taken to ensure organisations review and implement the necessary changes to their business practices and processes to be aligned to the guidelines; (b) how will enforcement be carried out to check on organisations who continue to inappropriately collect NRIC numbers and ensure those who had previously done so dispose of these sensitive data in a proper manner; and (c) what is the platform and process for consumers or members of the public who wish to make a report on organisations who inappropriately collect NRIC numbers.

Answer:

Mr Speaker, the Personal Data Protection Commission, or PDPC, recently updated its Advisory Guidelines on the collection, use and disclosure of NRIC and other national identification numbers. In summary, the Guidelines set out that organisations are allowed to do so only if it is required by the law, or if it is necessary to accurately establish or verify an individual’s identity to a high degree of fidelity.

2 The PDPC, together with the Infocomm Media Development Authority, or IMDA, is adopting a two-pronged approach to help organisations align their practices with the Guidelines.

3 Firstly, PDPC is increasing awareness among organisations of the Guidelines through its outreach activities. For example, PDPC has briefed trade associations on the Guidelines. PDPC will also be carrying out additional briefings and producing collaterals for distribution to companies.

4 Secondly, PDPC and IMDA are providing organisations with technical support to make the transition. These include a technical guide on alternatives to NRIC numbers for websites and public facing computer systems; a template to notify customers of the organisation’s efforts and timeframe to comply with the Guidelines; and pre-approved solutions that organisations can adopt, such as visitor management and customer management systems. Organisations can reach out to PDPC or PDPC’s panel of Data Protection Advisors for assistance.

5 To allow organisations adequate time to review and refine their existing business practices and processes to comply with the Guidelines, they will take effect on 1 September 2019. Thereafter, individuals who encounter non-compliance can lodge a complaint with the PDPC. PDPC will review each complaint and take appropriate actions, such as directing non-complying organisations to dispose of the data and imposing financial penalties.   

 
#SMETowKay - Serving up a dose of productivity Stories Infocomm Media 15 Apr 19
Speech by Mr S Iswaran, Minister for Communications and Information, at the Re-Opening of the National Archives of Singapore (NAS) Building on 7 April 2019 Speeches Libraries 07 Apr 19
Speech by Dr Janil Puthucheary, Senior Minister of State, Ministry of Communications and Information at the Silver Infocomm Roadshow and Tech4Community event at the Toa Payoh HDB Hub Atrium on 7 April 2019 Speeches Infocomm Media 07 Apr 19
Singapore and Turkey strengthen cultural ties, commemorates 50 years of diplomatic relations Press Releases Libraries 05 Apr 19
MCI’s response to PQ on porting of telephone numbers Parliament QAs Infocomm Media 01 Apr 19
MCI’s response to PQ on cybersecurity courses Parliament QAs Cyber Security 01 Apr 19