Latest news with #PersonalDataProtectionCommission
CNA
4 days ago
- Business
- CNA
Private sector urged to move away from using NRIC numbers as means of authentication
The authorities have urged private sector organisations to move away from using NRIC numbers as a means of authentication. The Personal Data Protection Commission and Cyber Security Agency of Singapore are also working with regulated sectors — such as finance, healthcare and telecommunications — to provide sector-specific guidance in the coming months. Nicolas Ng reports.
Business Times
4 days ago
- Business
- Business Times
Stop use of NRIC numbers for authentication, agencies urge private sector: MDDI
[SINGAPORE] The Personal Data Protection Commission (PDPC) and Cyber Security Agency (CSA) advised private organisations to stop using national registration identity card (NRIC) numbers for authentication in a joint advisory posted on their websites on Thursday (Jun 26). This comes on the back of government efforts, since January, to ensure the proper use of NRIC numbers in the private sector to better protect citizens, the Ministry of Digital Development and Information (MDDI) said in a statement on the same day. 'NRIC numbers should not be used to prove that a person is who he claims to be for the purposes of trying to gain access to services or information meant only for that person,' the MDDI statement said. 'It is unsafe for organisations to use NRIC numbers in this manner because a person's NRIC number may be known to others, permitting anyone who knows his NRIC number to impersonate him and easily access his personal data or records,' the MDDI statement added. The ministry noted that some private sector organisations currently require individuals to use their NRICs as passwords to access information intended solely for them, such as insurance documents. Organisations that use full or partial NRIC numbers for authentication should transition away from this practice as soon as possible, it said. This includes not setting NRIC numbers as default passwords and not using full or partial NRIC numbers with other easily obtainable personal data. 'If it is necessary to authenticate a person, organisations should consider alternative methods, for example requiring the person to use strong passwords, a security token or fingerprint identification,' the MDDI statement said.
Business Times
4 days ago
- Business
- Business Times
Stop using NRIC numbers - full or partial - for authentication, private organisations told
[SINGAPORE] The Personal Data Protection Commission (PDPC) and Cyber Security Agency (CSA) urged private organisations to stop using national registration identity card (NRIC) numbers for authentication in a joint advisory posted on their websites on Thursday (Jun 26). This comes on the back of government efforts, since January, to ensure the proper use of NRIC numbers in the private sector to better protect citizens, the Ministry of Digital Development and Information (MDDI) said in a statement on the same day. 'NRIC numbers should not be used to prove that a person is who he claims to be for the purposes of trying to gain access to services or information meant only for that person,' the MDDI statement said. 'It is unsafe for organisations to use NRIC numbers in this manner because a person's NRIC number may be known to others, permitting anyone who knows his NRIC number to impersonate him and easily access his personal data or records,' the MDDI statement added. The ministry noted that some private sector organisations currently require individuals to use their NRICs as passwords to access information intended solely for them, such as insurance documents. Organisations that use full or partial NRIC numbers for authentication should transition away from this practice as soon as possible, it said. This includes not setting NRIC numbers as default passwords and not using full or partial NRIC numbers with other easily obtainable personal data. 'If it is necessary to authenticate a person, organisations should consider alternative methods, for example requiring the person to use strong passwords, security token or fingerprint identification,' the MDDI statement said.
Straits Times
4 days ago
- Business
- Straits Times
Private sector urged to stop using NRIC numbers as passwords, with new advisory issued
The Government has been taking steps since January to ensure the proper use of NRIC numbers in the private sector. ST PHOTO: MARK CHEONG Private sector urged to stop using NRIC numbers as passwords, with new advisory issued SINGAPORE - A new guide to stop the use of National Registration Identity Card (NRIC) numbers as passwords in the private sector was issued on June 26, with organisations advised to stop this practice 'as soon as possible'. The advisory by the Personal Data Protection Commission and Cyber Security Agency of Singapore has been posted on both their websites, said the Ministry of Digital Development and Information (MDDI) in a statement on June 26 . The Government has been taking steps since January to ensure the proper use of NRIC numbers in the private sector, and is working with the finance, healthcare and telecommunications sectors, among others, in the coming months to develop targeted guidance, the ministry added. Private sector organisations currently may require a person to use their NRIC number as a password to access information intended only for them in certain documents, such as insurance records . This is unsafe because the person's NRIC number may be known to others, allowing others to impersonate them and have access to their personal data or records, MDDI said. This is different from organisations using NRIC numbers to identify a person over the phone or online. Private sector organisations are advised to move away from using full or partial NRIC numbers to authenticate a person's identity 'as soon as possible', MDDI said. This includes stopping the use of NRIC numbers as default passwords or partial NRIC numbers that are combined with a date that is easily obtainable, such as date of birth, in documents like password-protected files sent via e-mail. If it is necessary to authenticate a person, MDDI suggested that organisations use methods such as asking the person to use strong passwords, use a security token or have a fingerprint identification system. 'The government remains committed to protecting citizens' personal data and ensuring its secure use for rightful purposes,' added MDDI. The issue of privacy of NRIC numbers arose in December 2024, when users of the Accounting and Corporate Regulatory Authority's new Bizfile web portal raised concerns after realising that people could search for and view the full NRIC numbers of others, without having to log in. Join ST's WhatsApp Channel and get the latest news and must-reads.
The Star
13-06-2025
- The Star
Senegal's revenge porn victims made to suffer double shame
Hardly a week goes by without a new revenge porn scandal making the news or ricocheting around social media in the West African country, where many hold traditional conservative values. — Pixabay DAKAR: Rama's life became a hell in Senegal after her ex-boyfriend not only sent her in-laws intimate photos of her, but also threatened to share them widely via a revenge porn influencer. The influencers have made a career out of posting snapshots online for their hundreds of thousands of followers, accepting payment from spurned lovers or others seeking revenge. Hardly a week goes by without a new revenge porn scandal making the news or ricocheting around social media in the West African country, where many hold traditional conservative values. The women whose photos circulate online are often judged harshly, while the men involved walk away without blame. For this reason, Rama, like the other women in this article, asked us not to use her real name in telling her story. 'Undressed' Rama's nightmare began last year some time after she left her ex-boyfriend. Resentful that she had married someone else, he first sent her husband and new in-laws photos she had shared with him when they were together. Then he threatened to turn to a famous Senegalese influencer. Rama's life soon began to fall apart. Her marriage broke up and she had a miscarriage. Since the beginning of last year, at least 10 such cases have been filed with Senegal's Personal Data Protection Commission (CDP), according to an AFP tally based on quarterly reports. But the actual scale of revenge porn in Senegal is much higher, according to officials who spoke to AFP. Victims who choose to come forward generally file complaints directly with the police cybercrime department, thus avoiding going public in the courts, the officials said. "The way others look at (the women) and judge them dissuades victims from going public with their cases," Mouhamadou Lo, a digital law expert, told AFP. "Silence unfortunately takes over" because the victims fear the spread of their story on social media, he said. "It's very difficult to live with the feeling of having been 'undressed'." But Rama found the courage to go to court and gave evidence at her ex's trial in April, recounting the ordeal to a packed courtroom. "Because of this story I had a miscarriage and lost my husband," the 32-year-old said. "I can't sleep anymore and I'm always scared. I had to change my phone number and block all of my social media accounts." When it was his turn to speak, her former boyfriend, 44, said he had lavished her with gifts. "I did everything for her: pocket money, the latest phone, makeup... but she betrayed me," he said from the stand. "I was angry but today I regret it," he told the court, which nonetheless sentenced him to two years in prison, one month of which was suspended, in addition to a fine of one million CFA francs ($1,743). Living with 'shame' A conviction does not necessarily erase a victim's pain, whether the photos are shared broadly or on a smaller scale. Adama has considered suicide since her ex-boyfriend shared intimate photos in a WhatsApp group after their breakup. "I had no more desire for life," the 20-year-old student told AFP with tears in her eyes. "I stopped eating, I stopped sleeping, I just wanted to die. My life is ruined forever, no one will want to marry me." Fatimatou Fall, head of the CDP's rights protection division, told AFP that "the victims are generally very helpless and disoriented". Her organisation tries to help women move on, but also works to have the compromising videos or photos removed from social media. Another victim, Mounace, said that she fled her neighbourhood in Dakar and sought refuge in her home village for more than a month after a former partner shared private images with his friends. Now back in the capital, she said she lives with "shame" and "can no longer stand the gaze of neighbours". – AFP
