Tuesday, September 11, 2018

What can Your Business Do to Comply with Singapore PDPA for National Identification Numbers?

The Personal Data Protection Commission (PDPC) of Singapore updated NRIC rules (PDF) to enhance consumer protection from 1st Sep 2019.

  1. If not required by law, companies are not allowed to obtain user’s/customer’s NRIC number. Thus, requesting for photocopy of identity document in this instance, will be absolutely illegal.
    • Such instances include but not limited to redemption of free parking, signing up for retail membership, submitting feedback or registering interest in a product/service, online purchase of movie tickets, and participating in lucky draw.
  2. Companies can only collect and use NRIC number if required by law, or when it is necessary to accurately establish or verify the identity of an individual to a high degree of fidelity.
    • Examples of such instance are: seeking medical treatment, checking into hotel, subscribing to mobile telephone line, enrolling into private education institution, new employee joining an organization.
The ruling isn’t just limited to citizen’s and permanent resident’s NRIC, but also Foreign Identification Number (FIN), Work Permit number, Birth Certificate number, as well as any document containing these numbers.

Check-out the Advisory Guidelines (PDF).

Alternatives to NRIC

In event where your business is not allowed to collect user’s NRIC, some alternatives suggested by PDPC are:
  1. User-generated ID
  2. Tracking number
  3. QR code
  4. Monetary deposit
  5. Partial NRIC (e.g. last 3 numerical digits and checksum of IC)

Protect Your Customer’s IC Document

And to organizations who are allowed to collect customer’s NRIC, you may want to consider taking measures to uphold information security, and to protect your customer’s personal data.

Many businesses are operated on external sales or dealer network. Taking the mobile network operator as an example, subscription to prepaid or postpaid mobile service often involves a touchpoint operated by dealer. In such instance, as customer’s identity document is captured as part of the sign-up process, the customer’s IC is exposed to the risk of document mishandling. 
  1. If customer’s IC document is captured as photo from mobile registration app, the photo is likely to be available as a copy that is re-distributable without being “crossed” or watermarked. 
  2. If customer’s IC document is copied using imaging device, there is a chance that multiple copies can be made easily with a touch of a button.

Using OCR in Mobile Sales App to Capture Customer’s IC

A tested solution to address the above described issue of mishandled IC document, is by incorporating OCR (optical character recognition) function into your mobile point of sales app. By using OCR, NRIC can be easily scanned from mobile app within 2 seconds:
  1. Firstly, the OCR technology makes sure that your sales representative is scanning the correct NRIC document, and not any other unexpected input.
  2. NRIC details such as NRIC number and full name can be automatically populated into your registration/enrolment form.
  3. At the same time, an image of the NRIC document is automatically captured and automatically imposed with watermark that describes the purpose of this document image, such as “for Company XYZ service sign-up purpose only”.

OCR demo using an altered NRIC specimen
All these, happen within a few seconds. And your sales representative will not be able to keep a copy of the original NRIC document without any watermark imposed. Even when s/he attempts to perform a screen capture, your mobile sales app has already automatically imposed a watermark. As compared to the traditional method of making photocopy of NRIC documents, digital capture promotes higher degree of customer privacy protection.

Through partnership with Microblink, one of the world's best mobile OCR for ID document scanning, we are already serving a number of mobile network operators in Malaysia to address identity theft issue using OCR method as described above. These implementations account for tens of thousands of telco dealers nationwide. Not only is identity theft issue being addressed, the sign-up process for prepaid registration has also decreased from 15 minutes to less than 3 minutes.

We already support OCR scanning of Singapore's NRIC. It works even in offline mode. Checkout our demo app - EMAS ID, available for Android and iOS.

No comments:

Post a Comment