Collection of NRIC details: Security, building management providers grapple with costs, time needed to change
Most cite the costs needed to upgrade existing verification systems as a key consideration ahead of the September 2019 deadline to stop collecting NRIC numbers unnecessarily.
image: data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==
Photo illustration of photocopying an NRIC (Photo: Jeremy Long)
image: data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==
By Kevin Kwang @KevinKwangCNA
04 Sep 2018 06:40AM (Updated: 04 Sep 2018 10:03AM)
Share this content
Bookmark
SINGAPORE: The costs of changing their IT systems to stop capturing people’s full NRIC number for verification as well as the time needed to do so are the challenges security and building management service providers will face, according to industry stakeholders.
Their response comes after the Personal Data Privacy Commission (PDPC) announced that organisations will have to
stop the unnecessary and indiscriminate collection of people’s NRIC numbers from September 2019.
Advertisement
FAQ: When should you show your NRIC - and when not?
In an email response to Channel NewsAsia, the Association of Property and Facility Managers (APFM) said it is “supportive” of the latest guidelines as the new measures will “provide added protection, minimise incidents of identity theft and give holders of NRICs a better peace of mind”.
The spokesperson added that while it does not see “any major challenges”, it noted the recording of only partial NRIC data will require software tweaks and time to deploy the new systems.
“Nevertheless, our members are pleased that PDPC and the Info-communications Media Development Authority (IMDA) will be publishing the technical guidelines and template notices as well as identifying pre-approved technology solutions to adopt,” the spokesperson said.
Advertisement
Shedding more light on the concerns, Mr Raj Joshua Thomas, president of Security Association Singapore, said agencies that have already implemented visitor management systems that read and record full NRIC numbers at their buildings will now have to have the systems tweaked to capture just the last three digits and the alphabet.
Additional costs would be incurred while vendors of these systems would require time to make system changes, he added.
It is worst for buildings without a visitor management system and relied on the retention of NRICs or other identification cards in exchange for a visitor pass. They will have to start from scratch to install the appropriate visitor management systems, Mr Thomas said.
IMDA had previously said small and medium-sized enterprises (SMEs) can apply for the Productivity Solutions Grant to help defray the costs.
The president added the association will help its members to adopt the new measures through its upcoming Comprehensive Guide for Security Agencies, due out next September, as well as its advisory services.
“SAS supports this move,” Mr Thomas said. “Security agencies incur liability when holding on to physical NRICs as well as NRIC data.
“The guidelines will help to ameliorate these issues, and the adoption of technology will be able to help in a big way, and is in line with the security industry’s transformation map.”
One integrated facilities management company, UEMS, which provides services to close to 100 facilities including some public hospitals, said some of its security agencies
currently collect or record NRIC numbers of visitors to the facilities.
With the rule changes though, it will be working with its security agencies and clients to review existing processes and see how it can implement the updated rules, the spokesperson told Channel NewsAsia in an email.
“We are exploring possible alternatives like user-generated IDs or organisation-issued QR codes as a replacement to the traditional NRIC collection,” added the spokesperson.
Asked if the one-year transition period will be enough time for the changes, UEMS said it “seems sufficient for now”, a sentiment shared by Mr Thomas of Security Association Singapore.
Mr Adrian Tan, TSMP Law Corporation’s head of Intellectual Property and Technology, Media and Telecom, concurred. He said the one-year period is appropriate given that Singaporeans have been living with this practice for decades.
The lawyer did point out two groups that will have to “move quickly”: People who manage commercial buildings and condominiums, as they have to reorganise the way they identify and record visitors, and businesses who have been using NRIC numbers as an “expedient way to categorise members”.
The latter group will have to think of a better substitute, and email addresses are a “good starting point”, he said.
“I hope these guidelines represent the start of a long-delayed conversation that Singaporeans need to have about data collection. We need to talk about ways to educate Singaporeans about valuing and protecting their personal information,” Mr Tan said.
Source: CNA/kk
Tagged Topics
Read more at
https://www.channelnewsasia.com/new...details-security-building-management-10680200
