According to MDDI’s declaration, NRIC numbers are not used as passwords by individuals or are used by organizations to confirm an individual’s identity, according to PDPC.
The committee noted that it had previously taken legal action against businesses that “breached their data security duty” by using NRIC figures for verification.
It said:” A person’s title and NRIC range identifies who the person is. Authentication entails establishing that you are the person you claim to remain. This requires proof of identification, for instance, through a password, a safety gift or genetic information.
The organization shouldn’t use the NRIC range for authentication purposes because it is not a secret.
The committee also advised businesses against using NRIC amounts as the user’s definition login for services.  ,
” Companies that have such practices should cycle them out as soon as possible, “it added.  ,
On the use of NRIC numbers by individuals as passwords, the committee said they , should not be used as a password, only as” our names are not used as passwords”, adding that those who have done so if quickly transform their password.
According to PDPC, the NRIC number is also subject to the Personal Data Protection Act’s requirements for data protection, and businesses collecting such data must also obtain legitimate consent and follow reasonable use and safeguarding standards.
MDDI and PDPC does provide people learning about the NRIC number’s function and “how it should be widely used as a private id” in 2025.
Additionally, they may make an effort to educate people on how to properly use authentication and passwords to protect themselves.