July 12, 2018

Confidential Information, Secure Data NRIC Registration

It was reported[1] recently that a 20-year-old man obtained a physical list of identification numbers from an event he volunteered at and used the personal information to apply for multiple mobile phone plans and free phones worth over $33,000. This is just one example of how our own carelessness can result in personal data landing in the hands of individuals with ill-intent.

Are organisations protecting your personal data? 

Although it will be illegal from mid-2018 for shopping mall operators to ask for your NRIC details, not all organisations in Singapore are practicing data minimisation. Some organisations still make it compulsory for participants to give out their NRIC numbers for the purposes of event registration. However, do organisations have adequate measures in place to protect the NRIC numbers we entrust them with? In this incident, the organisers of the volunteer event failed to protect the personal details that were provided to them, which resulted in many individuals becoming victims of fraud.

Why should we protect our personal data?

In Singapore we use our NRIC number for multiple purposes. We not only give it freely to organisations for purposes like event registration, but also use it for credit card registration, insurance policy application and other important functions. If identity thieves were able to obtain our NRIC number from a list made available from an event, they could potentially gain access to our credit card statements, bills, and other confidential information and cause harm to our lives.

How can we protect our personal data?

We need to be careful who we give our personal information to and exercise our right to hold organisations accountable when they fail to deliver on their promise to protect our data. Implementing a Shred-it all policy is important for organisations to ensure that no physical lists containing personal data lands in the wrong hands. Encouraging organisations to adopt a Clean Desk policy can prevent information from lying around on desks and tempting information thieves. 

How can organisations benefit from protecting personal data?

Protecting personal data can save an organisation the price of paying hefty fines imposed under the Personal Data Protection Act (PDPA) and potentially the General Data Protection Regulation (GDPR) as well. Moreover, using an environmentally-conscious document service provider will ensure that your organisation recycles unwanted documents securely. 

Start Protecting Your Business

An organisation that integrates personal data protection into its business processes can help reduce the risk of a data breach. Learn more about how Shred-it can protect your documents and hard-drives by contacting us for a free quote and a security risk assessment. 

[1]LEE, G. (2018). Youth cheated Singtel, others of over $33,000. [online] The Straits Times. Available at: https://www.straitstimes.com/singapore/courts-crime/youth-cheated-singtel-others-of-over-33000 [Accessed 10 May 2018].