We thank Mr Shah Pakri for his letter (Address issues that may arise with proposed rules on IC use; Jan 1).

The proposed NRIC guidelines by the Personal Data Protection Commission (PDPC) do not restrict private sector organisations from collecting identity card (IC) numbers when it is required by law or when it is necessary to verify a person's identity.

However, the building management must put in place measures to ensure that the IC details collected are properly secured.

In general, building management should not retain the ICs of individuals as the collection of the personal data should be sufficient for verification.

With respect to public sector agencies, members of the public must comply with procedures where identity verification is required.

In November last year, the PDPC sought public feedback on the proposed guidelines.

In the finalised guidelines that will be released later this year, the PDPC will ensure that there is a balance between protecting individuals from the indiscriminate collection, use and disclosure of IC numbers, and the legitimate needs of organisations.

PDPC will not prescribe the types of identifiers that organisations should adopt in place of the IC or IC numbers, given the varying needs of businesses.

Nonetheless, we will share best practices in the industry to serve as a guide and to help organisations review their present procedures.

Evelyn Goh (Ms)

Director

Communications & Policy

Personal Data Protection Commission