- Joined
- Jul 14, 2008
- Messages
- 89,321
- Points
- 113
GMS has questions. 
Why NRIC is no longer "Confidential"?
Why did PDPC flip flop on the importance of Confidentiality on NRIC? In 2018, it stressed the utmost importance of keeping NRIC confidential and protected but now it says NRIC is just an "unique identifier like name" that doesn't need protection?
It is either they were talking nonsense back then or talking nonsense right now.
Singaporeans are used to treat NRIC as a very private data because we know it is an important key to many things in life. Names alone, is NOT like NRIC as many people can share the same name.
NRIC when used together with other personal private data like bank accounts, birth dates, phone numbers etc can be an effective authentication for individual's identity.
It is only when NRIC becomes OPEN secret to the whole world together with some of these corresponding personal data will make these authentication invalid and unsafe to identity thefts.
I believe it's due to the MASSIVE leaks by other organizations which made this unique identifier NRIC totally invalidated and the most glaring incident in the past decade are the 1.5m data leaks by Singhealth and subsequently, the leaks from SingTel.
These leaks are of massive scale which not only include NRIC and names but also included addresses, date of birth, phone numbers etc.
Thus, when the leaks from Singhealth happened, all banks and financial institutions were informed and they scrambled to put up new authentication methods for their system.
Singhealth wasn't really "punished" apart from some sacking and demotion carried out internally. But the spillover impact on private sector was huge and costly.
I believe not only private institutions were affected, such leaks also subject Singaporeans to "effective convincing scams and frauds" over the years. This made us the "number one scammed city" in the world!
The issue here is PAP GOV didn't want to come clean on the fundamental reasons why they have to declare NRIC no longer a confidential personal data worth protecting... Well because there was a massive leak in the place which compromised and made NRIC totally invalid for personal authentication of Real identity. It means that identity thefts will be rampant even if NRIC is the unique identifier of individuals.
They will start using finger prints and face recognition technology but if one day, there is another huge massive leak of such data, these will become invalidated as well with AI!
The PAP Gov has to face reality. Putting stringent PDPA requirements on private entities while its own government agencies lax screw ups will only destroy our authentication system in Singapore and it will be extremely costly to private sectors.
All these nonsensical excuses put up by their "experts" and faceless spokespersons will not convince anyone.
Even if NRIC is no longer valid as authentication data, it doesn't mean the gov should reveal our private data freely. There are huge implications in doing so.
Goh Meng Seng People's Power Party
10h ·Why NRIC is no longer "Confidential"?
Why did PDPC flip flop on the importance of Confidentiality on NRIC? In 2018, it stressed the utmost importance of keeping NRIC confidential and protected but now it says NRIC is just an "unique identifier like name" that doesn't need protection?
It is either they were talking nonsense back then or talking nonsense right now.
Singaporeans are used to treat NRIC as a very private data because we know it is an important key to many things in life. Names alone, is NOT like NRIC as many people can share the same name.
NRIC when used together with other personal private data like bank accounts, birth dates, phone numbers etc can be an effective authentication for individual's identity.
It is only when NRIC becomes OPEN secret to the whole world together with some of these corresponding personal data will make these authentication invalid and unsafe to identity thefts.
I believe it's due to the MASSIVE leaks by other organizations which made this unique identifier NRIC totally invalidated and the most glaring incident in the past decade are the 1.5m data leaks by Singhealth and subsequently, the leaks from SingTel.
These leaks are of massive scale which not only include NRIC and names but also included addresses, date of birth, phone numbers etc.
Thus, when the leaks from Singhealth happened, all banks and financial institutions were informed and they scrambled to put up new authentication methods for their system.
Singhealth wasn't really "punished" apart from some sacking and demotion carried out internally. But the spillover impact on private sector was huge and costly.
I believe not only private institutions were affected, such leaks also subject Singaporeans to "effective convincing scams and frauds" over the years. This made us the "number one scammed city" in the world!
The issue here is PAP GOV didn't want to come clean on the fundamental reasons why they have to declare NRIC no longer a confidential personal data worth protecting... Well because there was a massive leak in the place which compromised and made NRIC totally invalid for personal authentication of Real identity. It means that identity thefts will be rampant even if NRIC is the unique identifier of individuals.
They will start using finger prints and face recognition technology but if one day, there is another huge massive leak of such data, these will become invalidated as well with AI!
The PAP Gov has to face reality. Putting stringent PDPA requirements on private entities while its own government agencies lax screw ups will only destroy our authentication system in Singapore and it will be extremely costly to private sectors.
All these nonsensical excuses put up by their "experts" and faceless spokespersons will not convince anyone.
Even if NRIC is no longer valid as authentication data, it doesn't mean the gov should reveal our private data freely. There are huge implications in doing so.
