November 05, 2018

Removing NRIC Details from your Organisation? Here’s how you can do it securely

In Singapore, it has long been the norm to identify oneself with 7 numbers and 2 alphabets – the NRIC. Similar to credit card numbers, full names and residential address, the NRIC number is classified as personal data and protected under the Personal Data Protection Act (PDPA).

On 31 August 2018, The Personal Data Protection Commission (PDPC) issued enhanced advisory guidelines detailing stricter rules on organisations in Singapore[1] around the collection, use or  disclose of NRIC numbers of individuals from September 2019. It was also reported that it will be illegal for organisations to hold on to a person’s NRIC, unless required by the law, such as enrolling in a private education institution or checking into a hotel.

Dispose of the data securely

With this new ruling, organisations in Singapore will have to change the way they collect data and identify individuals. In addition to that, organisations that have physical copies or records of their customer’s NRIC numbers will need to dispose of them securely. Disposing of personal data in a recycling bin or throwing away hard disk drives in a regular bin will no longer suffice, as there are many ways that the materials could be accessed and data could be retrieved.

To securely dispose of their data, organisations can adopt the following methods:

  • Adopt a Shred-it All Policy – Through this policy, organisations can have peace of mind that all physical copies of documents that contain NRIC numbers and other sensitive information, as well as information digitally stored within hard disk drives will be securely destroyed and disposed of.
  • Partner with a document destruction expert – A certified document destruction expert will be able to advise and provide secure disposal methods of all confidential information for the secure shredding of paper documents, hard drives and electronic media.

Individuals can also play a part by implementing a Clean Desk Policy at work. This ensures that there is no confidential data lying around the office that may fall into the wrong hands and result in a data breach.

Staying vigilant when it comes to collecting and processing personal data is important for all organisations as they need to remain compliant with the PDPC and the General Data Protection Regulation (GDPR). Non-compliance can result in fines of up to S$1 million, incalculable reputational damage and loss of business.

Start Protecting Your Business

Learn more about how Shred-it can safeguard your unwanted documents and hard drives by contacting us for a free quote and security risk assessment.




[1]The Straits Times. 2018. Stricter rules to protect NRIC data from next Sept. [ONLINE] Available at: [Accessed 14 September 2018].