From Sept 1, organisations will not be allowed to collect, use or disclose a person's NRIC number, or any other national identification numbers such as birth certificate numbers, foreign identification numbers and work permit numbers. The following are some scenarios where a private security officer may ask for your identification number and whether you should comply.
WHERE YOUR FULL NRIC DETAILS MAY BE ALLOWED TO BE COLLECTED, USED OR DISCLOSED
For entry into sensitive places such as bank vaults, data centres, server rooms or security operations rooms.
However, the details should not be recorded where other visitors or unauthorised persons can view them.
WHERE SECURITY OFFICERS MAY ASK TO VISUALLY INSPECT YOUR NRIC, BUT NOT RECORD THE FULL NUMBER
• Criminal offences such as trespassing. Depending on the severity of the offence and the security risk posed, there may be no need to verify your identity to a high certainty. The officer may instead record a partial NRIC number, full name, mobile number or postal code.
• Civil suits such as nuisance or harassment cases, if the officer believes there is a high chance you are not being truthful about information.
• Violating in-house rules such as smoking or unauthorised parking in a private residence, as the management corporation may need to take follow-up action against the offender.
• Collecting a parcel that was left with a security officer.
SITUATIONS WHERE SECURITY OFFICERS SHOULD NOT ASK FOR YOUR NRIC DETAILS
When claiming or depositing lost or found items.
However, if the item is of a sensitive nature or highly valuable, the officer may inspect your NRIC to verify your identity. If the item is not of a high value, there is no justification for the officer to collect, use or disclose your full NRIC details.
WHAT TO DO IF YOU BELIEVE THE COLLECTION OF YOUR NRIC NUMBER HAS VIOLATED THE PDPA
After Sept 1, you may file a complaint with the Personal Data Protection Commission, which will investigate the matter. An organisation found to have breached the PDPA may be required to stop collecting, using or disclosing the data; destroy the data collected; provide access to or correct the data; and/or be fined up to $1 million.
SOURCE: SECURITY ASSOCIATION SINGAPORE