Private organisations still using NRIC numbers for authentication may face sanctions from 2027

Feb 3
1 min read

Private organisations that have not phased out the use of NRIC numbers for authentication will risk breaching the Personal Data Protection Act (PDPA) from Jan 1, 2027.

In a statement on Feb 2, the Personal Data Protection Commission (PDPC) said that organisations that continue to use NRIC numbers for authentication to access personal data may be failing to make reasonable security arrangements to protect personal data. This would constitute a breach of the PDPA.

“From Jan 1, 2027, the PDPC will step up enforcement action against such misuse, including imposing directions or financial penalties for such breaches where appropriate,” said the commission.

Recent Posts

See All

Budget 2026: Salary threshold for new Employment Pass applicants to be raised to $6,000 from 2027

Singapore retains position as least corrupt country in Asia-Pacific: Global anti-graft watchdog

Singapore rolls out 7 strategies to secure growth, good jobs amid tariff and AI threats

Comments

bottom of page