The Personal Data Protection Commission (PDPC) is set to update its advisory guidelines for National Registration Identity Card (NRIC) numbers to align with the new policy intent after the government announced its plan to stop masking NRIC numbers. The Ministry of Digital Development and Information (MDDI) stated that this change will be implemented “only after explaining the issue and preparing the ground”.
PDPC responded to queries by stating, “We are sorry for the confusion caused to the public and will fully address the public’s concerns and questions as soon as possible.” The commission acknowledges the need to update its advisory guidelines in line with MDDI’s statement but will not make further changes until consultations with industry and the public are completed.
MDDI’s statement advises against using NRIC numbers as passwords and by organizations for authentication purposes. PDPC emphasized the importance of authentication in proving one’s identity correctly without using the NRIC number, which should not be used as a secret method of authentication.
Organizations using NRIC numbers as default passwords are advised to phase out such practices promptly. Individuals were also warned against using NRIC numbers as passwords, with PDPC urging those who have done so to change their passwords immediately.
PDPC highlighted that NRIC numbers remain under the data protection obligations in the Personal Data Protection Act, emphasizing the need for valid consent and compliance with reasonable use and protection measures when collecting such data.
In 2025, MDDI and PDPC will conduct public education on the proper use of the NRIC number as a personal identifier and on safeguarding against misuse through correct authentication and password practices.
The article drew attention to the need for education regarding the responsible use of personal identification and the protection of sensitive information, in alignment with the government’s new approach towards NRIC numbers.
