Parliament Sitting on 5 October 2021


21. Mr Gerald Giam Yean Song: To ask the Minister for Communications and Information in light of the MyRepublic data breach, whether the Ministry intends to prohibit organisations from storing scans of identification documents like the NRIC beyond the period required for identity verification.


1. The Personal Data Protection Act (“PDPA”) already sets baseline requirements for organisations to cease retaining documents containing personal data when it is no longer needed for legal or business purposes. These include scans of identification documents.

2. Specifically, for telecommunication licensees, it is a licensing requirement to retain the identification record of a subscriber for at least 12 months following the termination of services by the subscriber. This is to ensure that agencies investigating fraudulent and/or criminal acts can review such identification records if telecommunication services were used for such purposes.  
Speech by Mrs Josephine Teo, Minister for Communications and Information, at Personal Data Protection Seminar on 20 July 2022 Speeches Personal Data 20 Jul 22
MCI response to PQ on Reasons for Recent Data Breach of Local Retail Website and Measures to Ensure Security and Protection of Customer Data Parliament QAs Personal Data, Cyber Security 04 Apr 22
Speech by Mrs Josephine Teo, Minister of Communications and Information, at the Ministry of Communications and Information Committee of Supply Debate on 4 March 2022 Speeches, Parliament QAs Public Comms, Personal Data, Libraries, Infocomm Media, Government Technology, Digital Readiness, Digital Defence, Cyber Security, Others 04 Mar 22
Building a Vibrant and Secure Digital Future, Together Press Releases Others, Cyber Security, Digital Defence, Digital Readiness, Government Technology, Infocomm Media, Libraries, Personal Data, Public Comms 04 Mar 22
MCI response to PQ on Cases of Unauthorised Sale of Personal Data Investigated by Personal Data Protection Commission in Past Five Years Parliament QAs Personal Data 10 Jan 22
MCI response to PQ on Measures in Place to Ensure Companies Engage Licensed and Certified Third- or Fourth-party IT vendors to Minimise Risk of Data Breaches and Leaks Parliament QAs Personal Data 10 Jan 22