The PSGA is aligned with the PDPA and adapted to the Public Service context. Our internal rules are comprehensive and take reference from international and industry standards. We also continually strengthen our data governance practices.
ACRA is expected to comply with these rules and the PSGA, which are no less stringent than PDPA requirements. Regular, mandatory audits are conducted to ensure that public agencies, including ACRA, comply with the standards for data protection and the security of information and communications technology systems. The number of data incidents and their severity is published annually.
In the most recent whole-of-Government audit exercise on information technology-related data security controls, there were very few significant findings and all of them had been remediated by the agencies concerned. There has also been a reduction in data incidents of medium severity and above. Where necessary, we have also taken public servants to task, for example, in serious cases involving unauthorised disclosure or improper use of information.
Members can be reassured that we take these rules and controls very seriously. We will continue to regularly review the safeguards to ensure that they remain relevant.
Sir, let me conclude. We understand the public's concerns about NRIC numbers. It was not our intention to make the full NRIC number widely disclosed and we are not heading in that direction.
NRIC numbers are personal data and can be collected and used only when there is a need to. Organisations that hold your NRIC number also have a duty of care. Subject to law, they must notify and seek consent on use, and ensure protections. These are existing guidelines that will not change.
What needs to change are the incorrect uses of the NRIC number. These include using NRIC numbers for authentication or as passwords. It is better to make these changes while the problem is relatively contained. Organisations and individuals can both help by taking steps to stop using NRIC numbers as authenticators or passwords.
By taking action as soon as possible, we can increase protection for all of us. This will allow us to more confidently use the full NRIC number as a unique identifier whenever we need to do so. Mr Speaker, please allow me to summarise a few key points in Mandarin, please.
(In Mandarin): [Please refer to Vernacular Speech.] Mr Speaker, the Government understands the public's concerns about the correct use of NRIC numbers. I would like to reiterate here that it is not our intention for the full NRIC numbers to become widely disclosed information.
NRIC numbers are personal data, and they can only be used and disclosed when there is a need to do so.
Unless indicated by law, organisations that wish to collect and hold your NRIC number must first notify and seek consent on its use, and ensure that it receives adequate protection. These existing guidelines will not change.