July 12, 2018

Personal Data Sharing Risks and Confidential Protection

Did you know that basic information such as passport numbers, full names, NRIC, mobile numbers, residential addresses, photographs, credit card numbers and personal email addresses are sought after by criminals for various unlawful purposes and scams? This information is classified as “personal data” and in Singapore it is protected by the Personal Data Protection Act (PDPA).

We often overlook the fact that we indiscriminately share our personal data with different organisations every day. We do this in an increasingly diverse number of ways, including online shopping, by filling out banking or insurance forms or by participating in lucky draws. Our full names, NRIC numbers and other information lands in the hands of the organisation for their record keeping and we often don’t  give a second thought to what happens to it or even why they need some of this information in the first place.

While sharing our personal data can make things convenient for us, it always comes at a risk. Here are five occasions you should think twice before sharing your personal data:


Singaporeans are frequently approached by individuals from various organisations outside shopping malls, bus stops and MRT stations to participate in short surveys. Each survey ends with a request to provide our personal data including full name, NRIC number, residential address and mobile number. This personal information is immensely valuable and therefore makes these organisations an ideal target for criminals. Criminals manipulate stolen information for a wide variety of illegal activities such as identity theft. Recently a student became a victim of identity theft when she lost her NRIC.


Visiting friends or family that live in a condominium often requires you to register your full name and NRIC number in a logbook. Once the information is jotted down, your information is “there to stay” for everyone to read until the logbook is thrown away. If the logbook is not disposed of safely through secure shredding, the information could end up in the wrong hands and lead to something more sinister such as fraud or identity theft.

Lucky Draws

Lucky draws are one of the most popular ways for organisations to collect potential customers’ personal data and contact information. Enticed by attractive prizes, customers freely share their personal data without thinking twice. Organisations frequently share this data with third parties or it may pass through several hands as it is collected, processed, sorted and stored, which makes it very convenient for criminals to obtain the data and very difficult to trace back to when and where a breach may have occurred.

Unsolicited Phone Calls

Phone scams are becoming increasingly common. Scammers use multiple ingenious techniques to collect personal data. For example, a scammer can pose as a telco staff member, informing you that your mobile number has been used for illicit activities and then ask for your personal information. Other famous recent scams include criminals impersonating DHL and even police officers. The personal information collected is at risk of being misused by the scammers.

Curriculum Vitae (CVs)

HR employees are a prime target of scammers because they handle the internal processes relating to staff and are therefore the gatekeepers of much of a company’s personal data, including information held in physical format such as potential employees' CVs. The CVs usually contain full names, NRIC numbers, mobile numbers and residential addresses.

If CVs are not properly stored, confidential information could be accessed by unauthorised persons including contractors, janitors, other staff, etc. Any unused CVs must also be disposed of properly with security in mind. This can be done through rigorous workplace procedures such as a Clean Desk Policy and a Shred-it All Policy.

We must keep in mind that our personal data is valuable and precious. Under the PDPA, you have the right to decide which organisations can collect your data, how it is used and whether it can be shared. At times, it might not even be necessary for you to provide your personal data at all for companies to provide their services to you. You also have the right to tell an organisation to stop collecting, using or disclosing your personal data. As an individual, you also have the right to demand companies to dispose of your personal data securely.

Secure Shredding to help protect your business

To learn more about how Shred-it can protect your documents and hard drives, please contact us for a free quote and security risk assessment.