Pritam Singh presses SM Teo over NRIC ummasking saga, SM blames miscommunication

SINGAPORE: During the Parliament sitting on 6 March, Leader of Opposition Pritam Singh sought multiple clarifications from Senior Minister Teo Chee Hean following his ministerial statement on the NRIC unmasking saga.

Teo addressed the incident following a review panel’s investigation into the incident on 9 December 2024, which found lapses in processes and communication between the Accounting and Corporate Regulatory Authority (Acra) and the Ministry of Digital Development and Information (MDDI).

Singh’s questions, which followed up on his earlier parliamentary question filed in January, focused on the miscommunication between the ACRA and the MDDI, particularly regarding how directives in the 5 July 2024 circular minute (CM) were interpreted and implemented.

Singh first asked whether ACRA had provided MDDI with a complete list of all previous correspondence with members of the public that contained masked NRIC numbers.

He pressed for details on when this list was submitted and asked how MDDI had responded. He noted that this was crucial to understanding whether ACRA had sought appropriate guidance before making changes to its Bizfile portal.

His second question centred on ACRA’s internal discussions with MDDI, which reportedly began in February 2024 and were related to the People Profile function, rather than the People Search function.

Singh highlighted that according to the review panel’s report, from July to early August 2024, ACRA had sought clarification from MDDI on how the CM should be applied to Bizfile’s new portal, launched on 9 December 2024. He questioned what specific clarifications ACRA had sought and how MDDI had responded.

Singh Questions ACRA’s Oversight and Risk Assessment on NRIC Unmasking

Singh referenced to the report, which mentioned a 30 July 2024 email from an ACRA officer to MDDI.

This officer had not attended MDDI’s earlier briefing nor seen its FAQ document and had asked whether system enhancements were needed to remove the masking of NRIC numbers in the People Search function.

Singh pointed out that, at this stage, the old Bizfile system had been displaying masked NRIC numbers, and ACRA seemed to believe this practice would continue under the new system until further guidance was issued by MDDI.

He questioned what changed after this point that led to the unmasking of full NRIC numbers.

Singh further pressed when ACRA’s senior management had fully reviewed the new Bizfile portal before its public launch and whether an independent risk assessment had been conducted regarding the full unmasking of NRIC numbers.

He referenced the report’s conclusion that ACRA failed to assess the balance between public access to information and safeguarding personal data.

“I asked this question because in the conclusion of the report, it states that ACRA did not first assess the proper balance between sharing full NRC numbers, and ensuring that they were not too readily assessable so did they assess this balance at any point in time,” said Singh.

SM Teo Cites Miscommunication and Inadequate Assessment in NRIC Unmasking Incident

Responding, SM Teo acknowledged that miscommunication between ACRA and MDDI was a key factor in the incident.

He explained that while both agencies had engaged in discussions, they had interpreted the CM differently and assumed the other party shared the same understanding. This led to a critical gap in execution.

Teo further admitted that while ACRA likely assessed the issue, its evaluation was insufficient.

He noted that ACRA had not properly balanced its responsibility to provide accessible registry information with the need to manage data security, a shortcoming identified in both the review panel’s findings and his statement.

Notice: We now publish our news at The Online Citizen and Heidoh.

Follow us on WhatsApp

Follow us on Telegram