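Singapore's Parliament recently debated the use of NRIC numbers and privacy protection. Minister for Digital Development and Information Josephine Teo made a statement at the 8 January sitting of Parliament, stressing that the Government does not intend to make NRIC numbers widely public.
The following was translated and compiled by 新加坡眼 (Singapore Eye) from the English-language parliamentary record:
Josephine Teo (Singapore's Minister for Digital Development and Information) told Parliament that a total of 51 Parliamentary Questions (PQs) had been filed on the National Registration Identity Card (NRIC) policy and the disclosure of NRIC numbers on the Accounting and Corporate Regulatory Authority's (ACRA's) Bizfile portal, and that she and Second Minister for Finance Ms Indranee would each make a Ministerial Statement in response. The two Statements would cover related questions raised on earlier Order Papers and at future Sittings.
Key points:
26 January 2025: Minister Josephine Teo's statement mainly responds to public concerns about NRIC policy, in particular the worry, following the disclosure of NRIC numbers on the Accounting and Corporate Regulatory Authority's (ACRA's) Bizfile portal, that the Government might be changing its policy on disclosing NRIC numbers. The Minister stressed that the Government has no intention of disclosing NRIC numbers widely, and that existing NRIC usage policies and data protection rules will not fundamentally change. The main points of the Minister's statement are as follows:
1. Response to public concerns
Minister Teo first expressed understanding of the public's concerns and stressed that the Bizfile incident was an unfortunate accident. The incident may have led the public to believe that the Government is changing its policy to allow large-scale disclosure of full NRIC numbers. The Minister stated clearly that the Government has no such intention: NRIC numbers are still treated as personal data and can only be collected and used where necessary. The Government is deeply sorry that the mistake occurred and said it will take measures to ensure that similar incidents do not happen again.
2. Privacy and security of NRIC numbers
The Minister stressed that the NRIC number is a unique identifier of a person. Although it is not fully secret (much like a name), it should not be widely disclosed either. NRIC numbers may only be disclosed in certain specific circumstances, for example where required by law, to an employer, at a clinic, or when registering a mobile number. NRIC numbers have long been widely used, and not only as identifiers: some organisations have even wrongly used them as authentication tools or passwords, or used some of their digits (such as the last four) as a security measure, which gives a false sense of security. Teo stressed that such uses are inappropriate and must stop.
3. Response to misuse of NRIC numbers
The Minister noted that although the NRIC number was designed as an identifier, it should not be used for authentication or as a password. In the past, some organisations asked for the full NRIC number to confirm identity, and some individuals even used it as a password; these practices are inappropriate. In particular, as algorithms available online have advanced, a partial NRIC number (such as the last four digits) can easily be worked back to the full number, creating a risk of information leakage.
The Minister further pointed out that the Government has recognised this problem and decided to act to stop NRIC numbers being used as authentication tools or passwords. The Government will begin implementing this change in the public sector and plans to extend it to the private sector. Through these measures, the Government hopes to eliminate the risk of NRIC numbers being misused and raise the level of personal data protection. At this stage, however, partial numbers can still be collected for identification purposes. Broad consultations with the public and the private sector are planned in order to update the guidelines.
4. Reflections on the Bizfile incident
The Minister acknowledged that, owing to a lack of coordination between government agencies, ACRA wrongly disclosed full NRIC numbers in the "People Search" function of the Bizfile portal. The lapse was not the result of any Government intention. The Minister stressed that, when pushing ahead with removing NRIC number masking, the Government should have made clear that, in some cases, not all NRIC numbers should be disclosed, especially full NRIC numbers. After the incident, the Government decided to handle such policy changes more carefully to ensure that such mistakes do not recur. The Government plans to carry out large-scale public education emphasising the security and correct use of NRIC numbers; individuals need to immediately change the habit of using their NRIC number as a password, to avoid identity theft or other risks.
5. Next steps and timeline
The Minister stressed the importance the Government attaches to data protection, noting that the public sector must comply with the Public Sector (Governance) Act (PSGA) and internal rules, with data protection standards no lower than those of the Personal Data Protection Act (PDPA). ACRA leaked NRIC numbers because it failed to coordinate the relevant processes; the Government has reviewed this strictly and is strengthening preventive measures for the future. The Minister disclosed that the Government has instructed public agencies to stop using NRIC numbers as authentication tools or passwords and to gradually phase out existing uses of masked NRIC numbers. This transition is expected to take some time, but the Government decided to lead the reform while the problem is relatively contained.
On reform in the private sector, the Minister said the Government did not immediately start the related work, because the private sector has long-standing conventions and practices and changing them may take longer. The Government's initial plan was to start with the public sector, gain experience, and then gradually guide the private sector through the reform. Regarding the private sector's current use of NRIC numbers, the Government has begun giving guidance to the businesses concerned, asking them to stop using NRIC numbers as authentication tools or default passwords.
6. Advice for the private sector
For the private sector, Minister Teo made two specific recommendations: first, the private sector should stop using NRIC numbers for identity authentication or as passwords as soon as possible; second, businesses that still use partial NRIC numbers (such as the last four digits) as an identification tool may continue to do so, but updating the relevant rules in light of public feedback will be considered in future. The Minister also said the Government will hold broad consultations with the private sector to hear businesses' views and further refine the policy.
7. Public education and data protection
To prevent NRIC numbers from being used wrongly, the Government will also step up public education to help the public and businesses understand how to use NRIC numbers correctly. The Minister particularly stressed that NRIC numbers remain personal data, and that businesses collecting and using them must fulfil their duty of protection, comply with the law and keep the data secure. In addition, the Government will continue to review and strengthen data protection measures to ensure that all public agencies and businesses follow strict data protection standards.
8. Collaboration and plans with private businesses
Minister Teo added that the Government has begun putting the relevant requirements to the private sector, although such reforms may take more time to complete. The Government plans to work closely with the private sector in future to help businesses identify problem areas and to provide guidance for a gradual transition to practices that are safer and better aligned with data protection requirements.
9. NRIC numbers and protection of personal identity
At the end of the statement, Minister Teo reminded the public to be clear that the NRIC number is a key identifier of a person but is not fully secret. The public should stay vigilant, especially when receiving calls or emails from unidentified parties, and should not readily trust them, because such people may know only one's NRIC number and no other identity information. In addition, members of the public should regularly check whether they have used their NRIC number as a password and change any such passwords promptly to keep their personal information secure.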
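10. Summary
The Government attaches great importance to the safe use of NRIC numbers. Although data protection laws and rules are already in place, improper use of NRIC numbers persists, so the Government has decided to take further measures to safeguard the public's personal information. In future, the Government will strengthen cooperation with the public and the private sector, push the reforms forward, and ensure along the way that personal information receives the protection it should.
Through this series of reforms, the Government hopes to raise public awareness of how NRIC numbers are used and to prevent them from being misused or abused. At the same time, the Government is sending an important message to all parts of society: data security and personal privacy protection will remain Government priorities, and the public and businesses should work together to achieve this goal.
The English text of the proceedings follows: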
The Minister for Digital Development and Information (Mrs Josephine Teo): Mr Speaker, Members have filed a total of 51 Parliamentary Questions (PQs) on the National Registration Identity Card (NRIC) policy and the disclosure of NRIC numbers on the Accounting and Corporate Regulatory Authority's (ACRA's) Bizfile portal. Second Minister for Finance Ms Indranee Rajah and I will be making Ministerial Statements to address the issues raised. Our Statements will address Question Nos 1 to 37 for oral answer in yesterday’s Order Paper; Question Nos 3 to 8 and 39 to 44 for written answer in yesterday’s Order Paper; Question No 52 for oral answer in today’s Order Paper, and related questions that have been filed for subsequent Sittings.
Mr Speaker: Please go ahead.
Mrs Josephine Teo: Sir, let me start by acknowledging the concerns raised by the public over NRIC policy. The Bizfile incident is unfortunate.
Without intending to, it may have led the public to believe that the Government is changing its policy to allow full NRIC numbers to be exposed on a wide scale. This is not the case. We take the public's concerns very seriously and are very sorry that the mistake has caused them much anxiety.
I want to reassure the public that NRIC numbers remain personal data. NRIC numbers can only be collected when there is a need to do so. Organisations that collect NRIC numbers also have a duty of care. Subject to applicable law, they must notify and seek consent on use, and ensure protection of the data. These are existing guidelines that will not change.
However, there are also some incorrect uses of the NRIC number today. Our plan was to stop these incorrect uses while the problem is relatively contained. Doing so will better protect everyone and allow us to use NRIC numbers with confidence.
In this regard, my Statement today will address two issues: the current incorrect uses of NRIC numbers and why we need to change; and what our next steps will be.
Sir, when we interact with others daily, we are identified by our names. However, our names may not be unique. For organisations that deal with many people, say, a hospital with several patients named John Tan, they need a better way to uniquely identify them. Their NRIC number is a useful unique identifier in such situations. When the hospital needs to perform an operation or dispense medication, the doctor or nurse must make absolutely sure that it is the right John Tan they are dealing with and they should ask you, "What is your NRIC number?"
Since the NRIC number's purpose is to be a unique identifier, it cannot be a secret, just as our names are not secret. I should emphasise, however, that while your NRIC number is not a secret, it is not meant to be widely disclosed. This is the concern echoed in Mr Lim Biow Chuan's question.
We would only disclose our NRIC number under certain circumstances, for example, when required by law. Some examples include disclosing our NRIC number to our employers, at the clinic or when we subscribe to a mobile telephone line. Because we do have to disclose our NRIC number to others for such purposes, we must assume that at least some people know our NRIC number.
Over time, however, NRIC numbers have become increasingly used as more than an identifier. Previously, organisations would require seeing my physical NRIC card to confirm that I am who I claimed to be. However, some organisations assume that if someone can cite my NRIC number, that person must be me! This is clearly wrong.
On the assumption that this person is indeed me, some organisations may go further to give the person access to privileged information or services. When used this way, my NRIC number is no longer just an ID, or identifier, but a key to unlock more information or services. In such situations, the NRIC number is being accepted as an authenticator, or proof of who a person claims to be. This is clearly inappropriate.
Instead of the full NRIC number, some organisations collect and use a partial NRIC number, usually the last four characters of the NRIC number. They think that this is safe and that revealing only the last four characters still keeps the full NRIC number secret. Among public agencies, even when the agencies had the full NRIC numbers, the use of masked NRIC numbers became more common.
Besides organisations, some individuals also started to use their NRIC numbers as their passwords. They did so under the impression that the full NRIC number is secret.
However, as shown by Dr Tan Wu Meng in his question, there are now algorithms that can be found online, that have made it easier to work out the full NRIC number from the partial or masked NRIC number. The easy availability of such algorithms means that the continued use of partial or masked NRIC numbers gives both organisations and individuals a false sense of security. This does not really keep the full NRIC number secret. This also makes the practice of using NRIC numbers as passwords even more inappropriate.
To the questions by Dr Tan, Mr Liang Eng Hwa and Ms Sylvia Lim, these developments led the Government to take steps to stop the incorrect uses of the NRIC number. This meant two things: one, not using the NRIC number as an authenticator; and two, moving away from the use of masked NRIC numbers, because it creates a false sense of security.
We knew this transition would take time. But it was better to start while the problem is relatively contained and for the Government to take the lead.
To the question by Ms Joan Pereira, we proceeded to ask agencies to stop using the NRIC number as an authenticator or as a password. We also asked agencies not to plan new uses, with a view to discontinuing existing uses of masked NRIC numbers eventually.
The lapse in coordination between agencies led to ACRA's misunderstanding and the disclosure of full NRIC numbers in the People Search function of its new Bizfile portal.
In hindsight, what we should have made clear was that moving away from the use of masked NRIC numbers did not mean automatically using the full NRIC number instead, in every case. At no point was our intention to disclose full NRIC numbers on a wide scale.
In place of masked NRIC numbers, in some instances, there would be no need for the NRIC number at all. In other instances, names alone or some other identifier would be sufficient. But there could also be instances where full NRIC numbers should be used, instead of masked NRIC numbers. Each case would have to be assessed and decided individually.
Members including Mr Leong Mun Wai, Mr Liang Eng Hwa, Mr Xie Yao Quan, Ms Jessica Tan, Mr Dennis Tan and Mr Pritam Singh have asked about the internal processes leading to ACRA's actions. Minister Indranee will say more about it in her Statement later and address Members' questions related to ACRA.
Miss Cheryl Chan asked why the efforts to change did not include the private sector. The Government knew that it would take time for public agencies to make the change. We expected that it would take even longer for the private sector because of long-standing practices and habits. The plan was therefore to change the internal practices of Government before moving to change practices in the private sector and non-profit organisations, which Ms Usha Chandradas asked about. We believed that doing so would allow us to better understand the implementation challenges and, as a result, facilitate a smoother transition in the private sector.
We had also planned to mount a major effort to help Singaporeans be aware of the risks and to support efforts to stop incorrect practices. The Bizfile incident was an unfortunate misstep which now means these plans need to be brought forward.
While we had taken steps to stop the incorrect uses of NRIC numbers in the public sector, we had not started implementation for the private sector. Mr Edward Chia, Mr Liang Eng Hwa, Ms Hazel Poa and Mr Xie Yao Quan have asked specifically what should be done in the private sector.
At this stage, we would advise private sector organisations to do two things: first, private sector organisations that are using NRIC numbers as a factor of authentication or as default passwords should stop this practice as soon as possible; and second, private sector organisations that presently collect partial NRIC numbers to identify people can continue to do so. The guidelines for the private sector have not yet changed and we will only consider how they should be updated after consulting the public.
To questions by Mr Xie Yao Quan, Mr Melvin Yong and Mr Sharael Taha, we aim to start consultations soon and will provide details when ready. Our initial soundings with the private sector suggest there can be different approaches. Some organisations currently using partial NRIC numbers can stop the practice and replace them with alternative means of identification such as mobile numbers or email addresses or drop them entirely. But there are also organisations that need to accurately identify persons and can justify the collection of full NRIC numbers even if they are not required by law. For example, preschool centres will prefer to collect the full NRIC numbers of visitors rather than just the mobile numbers; the parents will certainly feel more secure. In applications for and disbursements of substantial financial aid, persons would also need to be accurately identified.
We will take these considerations on board when updating the guidelines. In any case, I would like to assure Members like Ms Jean See and Mr Ong Hua Han that the Personal Data Protection Commission will support businesses in changing their authentication methods. This will include raising their awareness on why the use of NRIC numbers as a factor of authentication is unsafe and working through the Infocomm Media Development Authority and the Cyber Security Agency's programmes to help businesses review and adjust their practices.
To questions by Ms Tin Pei Ling, Mr Zhulkarnain Abdul Rahim and Assoc Prof Jamus Lim, I should emphasise that NRIC numbers are personal data. This means that organisations collecting and using NRIC numbers must continue to exercise a duty of care. Subject to applicable law, they must notify and seek consent on use, and also ensure the data is sufficiently protected. Certainly, they should not disclose the NRIC numbers unless there is good reason to do so.
Members may also ask, if the NRIC number is not suitable as an authenticator, what about the physical NRIC card, our pink identity card? If we look at our physical NRIC card, we will see that it contains other identifying information, such as our photo and fingerprint. It allows others to check that the information on the card matches me, the person holding the card. In addition, the physical NRIC card is not easily faked. The physical NRIC card is, therefore, suitable as an authenticator, or proof of who I claim to be. But someone providing my NRIC number and claiming to be me, does not have these additional factors of proof.
Organisations must know that the physical NRIC card and NRIC number are different. The physical NRIC card can be an authenticator, but the NRIC number should not be used as an authenticator. Organisations should, therefore, not accept my NRIC number alone as proof that the person citing it is indeed me.
Besides organisations, individuals, too, have questions about what they should do. There are also two things. The first is to clarify their understanding of the NRIC number. Members like Ms Sylvia Lim asked about this.
We have said that our NRIC number is like our name. Even if it is not widely disclosed, it is not secret. In our daily lives, if someone we do not recognise calls out our name and starts to behave as though they know us well, we would be slightly suspicious. We might be polite but not too friendly. Certainly, we should not fully trust this person, just because they know our name.
This should also be how we treat anyone who tells us our NRIC number. We should not automatically assume that they know us well or are figures of authority or can be trusted. We should be cautious about revealing more about ourselves, or saying yes to their requests or following their instructions without checking further.
The second thing we can do as individuals is to review our passwords. If we have used our NRIC number as a password to access any information or service, we have mistakenly used it as an authenticator and should change the password immediately. Doing so will give us better protection against people who use our NRIC number to get access to information or services. It will also complement efforts by organisations to stop using the NRIC number as a factor of authentication.
To Ms Hany Soh's question, NRIC-related scams are not new. Most NRIC-related scams involve victims who think they are speaking to figures of authority and end up taking actions that harmed themselves, such as transferring money without further checks. Very few cases have involved scammers directly using NRIC numbers to unlock access to valuables.
Several Members have also asked how to mitigate the risks when NRIC numbers are disclosed. They include Mr Zhulkarnain Abdul Rahim, Mr Edward Chia, Mr Christopher de Souza, Mr Ong Hua Han, Mr Liang Eng Hwa, Ms Jessica Tan, Mr Louis Chua, Miss Cheryl Chan, Mr Sharael Taha and Mr Yip Hon Weng.
As I have explained, the risks arise from the incorrect use of the NRIC numbers. If individuals stop using NRIC numbers as passwords and organisations stop using NRIC numbers as authenticators, this will go a long way to preventing harms from scams and identity theft. They will give us all better peace of mind to use the NRIC number whenever it is necessary, such as to get medical treatment or apply for jobs.
Sir, the Government appreciates that the incorrect uses of the NRIC number may not be well understood. Our public education efforts will raise awareness among organisations and individuals, and to guide them on what they should do. In doing so, we will focus on the points I highlighted above.
Mr Gerald Giam asked about alternatives to the current NRIC number system. In fact, the risks do not arise directly from the structure of the NRIC number. Rather, the risks arise when the NRIC number, which is meant to be a unique identifier, is incorrectly used as an authenticator or a password. Even if we were to create an alternative identifier, we would still have a problem if organisations used it as an authenticator and individuals used it as a password.
Sir, let me turn now to questions about ACRA's exemption from Personal Data Protection Act (PDPA) requirements and the Government's data protection measures. These were raised by Ms Tin Pei Ling, Ms Sylvia Lim, Mr Saktiandi Supaat and Mr Patrick Tay.
The Government has always taken seriously its responsibility to protect the data entrusted to the public sector. The Government's personal data protection standards are set collectively by the Public Sector (Governance) Act, or PSGA, and our own internal rules.
The PSGA is aligned with the PDPA and adapted to the Public Service context. Our internal rules are comprehensive and take reference from international and industry standards. We also continually strengthen our data governance practices.
ACRA is expected to comply with these rules and the PSGA, which are no less stringent than PDPA requirements. Regular, mandatory audits are conducted to ensure that public agencies, including ACRA, comply with the standards for data protection and the security of information and communications technology systems. The number of data incidents and their severity is published annually.
In the most recent whole-of-Government audit exercise on information technology-related data security controls, there were very few significant findings and all of them had been remediated by the agencies concerned. There has also been a reduction in data incidents of medium severity and above. Where necessary, we have also taken public servants to task, for example, in serious cases involving unauthorised disclosure or improper use of information.
Members can be reassured that we take these rules and controls very seriously. We will continue to regularly review the safeguards to ensure that they remain relevant.
Sir, let me conclude. We understand the public's concerns about NRIC numbers. It was not our intention to make the full NRIC number widely disclosed and we are not heading in that direction.
NRIC numbers are personal data and can be collected and used only when there is a need to. Organisations that hold your NRIC number also have a duty of care. Subject to law, they must notify and seek consent on use, and ensure protections. These are existing guidelines that will not change.
What needs to change are the incorrect uses of the NRIC number. These include using NRIC numbers for authentication or as passwords. It is better to make these changes while the problem is relatively contained. Organisations and individuals can both help by taking steps to stop using NRIC numbers as authenticators or passwords.
By taking action as soon as possible, we can increase protection for all of us. This will allow us to more confidently use the full NRIC number as a unique identifier whenever we need to do so. Mr Speaker, please allow me to summarise a few key points in Mandarin, please.
(In Mandarin): [Please refer to Vernacular Speech.] Mr Speaker, the Government understands the public's concerns about the correct use of NRIC numbers. I would like to reiterate here that it is not our intention for the full NRIC numbers to become widely disclosed information.
NRIC numbers are personal data, and they can only be used and disclosed when there is a need to do so.
Unless indicated by law, organisations that wish to collect and hold your NRIC number must first notify and seek consent on its use, and ensure that it receives adequate protection. These existing guidelines will not change.
However, what needs to change are some incorrect uses of the NRIC number. For example, we should not use NRIC numbers for authentication or as passwords.
It is better to make these changes and rectify the problem while it is still relatively contained. Both organisations and individuals can do their part to stop using NRIC numbers as authenticators or passwords.
By taking action as soon as possible, we can increase protection for all of us. This will allow us to more confidently use the NRIC number as a unique identifier, whenever we need to do so.
(In English): Mr Speaker, with your permission, I will respond to any clarifications which Members may have, after Minister Indranee Rajah has also made her Statement.
12.57 pm
Mr Speaker: The Second Minister for Finance will indeed also be making a related Ministerial Statement. I will allow Members to raise points of clarifications on both Statements after Minister Indranee's Statement. Second Minister for Finance.
CF | Translation
HQ | Editing
Parliament | Source
Parliament | Image source