Parliament Sitting on 1 October 2018

QUESTION FOR WRITTEN ANSWER


2306. Ms Rahayu Mahzam:
To ask the Minister for Communications and Information in light of the updated Advisory Guidelines issued by the Personal Data Protection Commission for NRIC and other national identification numbers (a) what are the initiatives that will be taken to ensure organisations review and implement the necessary changes to their business practices and processes to be aligned to the guidelines; (b) how will enforcement be carried out to check on organisations who continue to inappropriately collect NRIC numbers and ensure those who had previously done so dispose of these sensitive data in a proper manner; and (c) what is the platform and process for consumers or members of the public who wish to make a report on organisations who inappropriately collect NRIC numbers.

Answer:

Mr Speaker, the Personal Data Protection Commission, or PDPC, recently updated its Advisory Guidelines on the collection, use and disclosure of NRIC and other national identification numbers. In summary, the Guidelines set out that organisations are allowed to do so only if it is required by the law, or if it is necessary to accurately establish or verify an individual’s identity to a high degree of fidelity.

2 The PDPC, together with the Infocomm Media Development Authority, or IMDA, is adopting a two-pronged approach to help organisations align their practices with the Guidelines.

3 Firstly, PDPC is increasing awareness among organisations of the Guidelines through its outreach activities. For example, PDPC has briefed trade associations on the Guidelines. PDPC will also be carrying out additional briefings and producing collaterals for distribution to companies.

4 Secondly, PDPC and IMDA are providing organisations with technical support to make the transition. These include a technical guide on alternatives to NRIC numbers for websites and public facing computer systems; a template to notify customers of the organisation’s efforts and timeframe to comply with the Guidelines; and pre-approved solutions that organisations can adopt, such as visitor management and customer management systems. Organisations can reach out to PDPC or PDPC’s panel of Data Protection Advisors for assistance.

5 To allow organisations adequate time to review and refine their existing business practices and processes to comply with the Guidelines, they will take effect on 1 September 2019. Thereafter, individuals who encounter non-compliance can lodge a complaint with the PDPC. PDPC will review each complaint and take appropriate actions, such as directing non-complying organisations to dispose of the data and imposing financial penalties.   

 
MCI directs IMDA to issue Access Blocking Orders Press Releases Infocomm Media 23 Jan 20
Remarks by Mr S Iswaran, Minister for Communications and Information, at the International Chamber of Commerce "Taking Trade Digital" Forum on 22 Jan 2020 Speeches Infocomm Media 22 Jan 20
Remarks by Mr S Iswaran, Minister for Communications and Information, at the Joint Press Conference with World Economic Forum Centre for the Fourth Industrial Revolution on 21 Jan 2020 Speeches Infocomm Media 21 Jan 20
Speech by Minister S Iswaran at the Library and Archives Plan (LAP25) stakeholder engagement session coinciding with the first anniversary of library@harbourfront on 12 Jan 2020 Speeches Libraries 12 Jan 20
MCI's response to PQ on PSB programmes funding Parliament QAs Infocomm Media 06 Jan 20
MCI's response to PQ on training for Singaporeans to pursue a career in information technology Parliament QAs Infocomm Media 06 Jan 20