- If not required by law, companies are not allowed to obtain user’s/customer’s NRIC number. Thus, requesting for photocopy of identity document in this instance, will be absolutely illegal.
- Such instances include but not limited to redemption of free parking, signing up for retail membership, submitting feedback or registering interest in a product/service, online purchase of movie tickets, and participating in lucky draw.
- Examples of such instance are: seeking medical treatment, checking into hotel, subscribing to mobile telephone line, enrolling into private education institution, new employee joining an organization.
The ruling isn’t just limited to citizen’s and permanent resident’s NRIC, but also Foreign Identification Number (FIN), Work Permit number, Birth Certificate number, as well as any document containing these numbers.
Check-out the Advisory Guidelines (PDF).
Alternatives to NRIC
In event where your business is not allowed to collect user’s NRIC, some alternatives suggested by PDPC are:
- User-generated ID
- Tracking number
- QR code
- Monetary deposit
- Partial NRIC (e.g. last 3 numerical digits and checksum of IC)
Protect Your Customer’s IC Document
And to organizations who are allowed to collect customer’s NRIC, you may want to consider taking measures to uphold information security, and to protect your customer’s personal data.