PDPC | Advisory Guidelines on the Personal Data Protection Act for NRIC and other National Identification Numbers

Advisory Guidelines on the Personal Data Protection Act for NRIC and other National Identification Numbers

These Advisory Guidelines clarify how the PDPA applies to organisations' collection, use and disclosure of NRIC (or copies of NRIC), and retention of physical NRICs by organisations.

Please refer to the full document here.

Updated as of 14 Dec 2024: In light of the MDDI statement on 13 Dec 2024 outlining the appropriate use and mis-use of NRIC numbers, these Advisory Guidelines will be updated. In the meantime, these guidelines remain valid. The PDPC advises against the use of NRIC numbers by individuals as passwords and the use of NRIC numbers by organisations to authenticate an individual’s identity or set default passwords. For more information, please refer to PDPC’s statement of 14 Dec 2024.

Template Notice for Collection of NRIC Numbers

Considerations for Collecting NRIC Numbers

Protect Your NRIC Number

Can organisations collect partial NRIC numbers?

When can an organisation retain my physical NRIC?

Does the treatment of Singapore’s NRIC numbers apply to foreign national identification numbers?

Personal Data Protection Commission