Should firms be allowed to make copies of IC, credit cards?

Recently, I visited a newly opened gym to sign up for a personal training package.

I wanted to make the payment for the package with my credit card but I was taken aback when the manager of the gym made copies of my identity card and credit card.

When questioned, he said that it was the gym's policy, citing tracking reasons. In the end, I did not sign up as even the Nets transaction required my NRIC to be copied.

The IC is a permanent and irreplaceable identifier which can be used to unlock vast amounts of personal information and for illegal activities, such as identity theft and fraud. Do I have the right to refuse to allow copies of my IC and credit card details to be made? Shouldn't IC details be collected only when the law requires it?

Furthermore, are organisations allowed to withhold their services if I refuse to provide consent to having copies of my IC and credit card made?

Firms should avoid over-collecting personal data, and consider whether there may be alternatives available that can equally address its requirements.

I am sure others have been in similar situations and a clarification from the Personal Data Protection Commission on this matter would help many.

Sherman Goh Keng Hwee

A version of this article appeared in the print edition of The Straits Times on March 20, 2018, with the headline 'Should firms be allowed to make copies of IC, credit cards?'. Print Edition | Subscribe