Jump to content

ACRA's full NRIC disclosure controversy: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 34: Line 34:


=== Privacy Concerns and Exemptions ===
=== Privacy Concerns and Exemptions ===
The controversy drew further scrutiny when it was revealed that ACRA, as a statutory board, is exempt from the Personal Data Protection Act (PDPA), which governs the collection, use, and disclosure of personal data by private organisations.  
The controversy drew further scrutiny when it was revealed that ACRA, as a statutory board, is exempt from the [https://sso.agc.gov.sg/Act/PDPA2012 Personal Data Protection Act] (PDPA), which governs the collection, use, and disclosure of personal data by private organisations.  


This exemption meant ACRA faced no penalties for exposing full NRIC numbers, unlike private entities, which are held to stricter standards.
This exemption meant ACRA faced no penalties for exposing full NRIC numbers, unlike private entities, which are held to stricter standards.
Line 42: Line 42:


The PDPA explicitly requires organisations to implement '''“reasonable security arrangements”''' for sensitive personal data like NRIC numbers.  
The PDPA explicitly requires organisations to implement '''“reasonable security arrangements”''' for sensitive personal data like NRIC numbers.  
The Advisory Guidelines on PDPA for NRIC and Other National Identification Numbers, introduced in 2018, was removed from the Personal Data Protection Commission’s (PDPC) website. A notice on the page stated: ''“The document is temporarily unavailable as it is undergoing updates.”''
[[File:PDPC guidelines 2018.png|thumb|PDPC guidelines 2018]]


=== Media Coverage and Public Statements ===
=== Media Coverage and Public Statements ===