Indiscriminate collection of personal data a security risk

My letter highlighting the potential dangers of indiscriminately collecting a person's personal data was published on May 2 last year ("Keep IC numbers confidential").

I am disheartened to note that to date, many organisations have not stopped this practice.

Within merely five days this week, I have experienced three situations in which private information pertaining to myself was unnecessarily sought.

First, to participate in a lucky draw at an investment seminar I attended, I had to fill in my name, identity card number and phone number.

Second, before I could redeem free gifts from City Square Mall, I was asked for my IC number by the customer service staff.

Third, when I made a reservation at Aramsa Spa in Bishan Park, I was asked for my credit card number. When I said I was uncomfortable to reveal it, the staff member replied that it was the company's policy to solicit it as part of the reservation process.

Due to the increasing number of Internet and phone scams taking place over the years, I am appalled that organisations are still soliciting personal data from the public without appreciating the drastic consequences of such an action ("Over $4m lost in phone scams here since March"; Thursday).

For example, IC numbers are often required to log in to a person's SingPass and bank accounts, as well as the websites of the HDB and the Central Provident Fund Board. These are avenues where pertinent details are revealed and monetary transactions can take place.

If the personal data falls into the wrong hands, scammers could easily hack into the system to perform illicit activities.

It would also allow them to deceitfully convince potential victims that they are calling from legitimate organisations.

Personal information such as IC number, home address and date of birth should be revealed only in official situations, where warranted.

I suggest that the Personal Data Protection Commission (PDPC) step up its education efforts with various companies so they know that the collection of personal information should not be encouraged.

There should also be a clear and convenient means through which members of the public can inform the PDPC if they feel that organisations are unnecessarily collecting personal data.

An appropriate course of action, such as reminders or warnings, can then be taken.

Chan Kwang Ping

A version of this article appeared in the print edition of The Straits Times on June 11, 2016, with the headline 'Indiscriminate collection of personal data a security risk'. Print Edition | Subscribe