Since last September, Singapore has imposed stricter laws that legally bar organisations from collecting, using or disclosing NRIC numbers or making copies of the identity card. These rules are enforced by Singapore’s privacy watchdog, the Personal Data Protection Commission (PDPC).
But in Covid-19 times, you might wonder why you have to scan your NRIC or input your details when you do SafeEntry via phone. Are they allowed to collect your data? The short answer is, yes.
On the PDPC website, they wrote:
“Organisations may collect personal data of visitors to premises for purposes of contact tracing and other response measures in the event of an emergency, such as during the outbreak of the coronavirus disease 2019 (COVID-19).
In the event of a COVID-19 case, relevant personal data can be collected, used and disclosed without consent during this period to carry out contact tracing and other response measures, as this is necessary to respond to an emergency that threatens the life, health or safety of other individuals.
As organisations may require national identification numbers to accurately identify individuals in the event of a COVID-19 case, organisations may collect visitors’ NRIC, FIN or passport numbers for this purpose.
Organisations that collect such personal data must comply with the Data Protection Provisions of the PDPA, such as making reasonable security arrangements to protect the personal data in their possession from unauthorised access or disclosure, and ensuring that the personal data is not used for other purposes without consent or authorisation under the law.”
But what other circumstances allow organisations to collect your personal data? Here are a few.