SM Teo defends ACRA’s balance of transparency and data protection, dismisses compliance conflict

SINGAPORE: During the Parliament sitting on 6 March, NCMP Hazel Poa questioned the governance standards of ACRA’s security review process in the NRIC unmasking saga.

Senior Minister Teo Chee Hean delivered a ministerial statement in the House to address the incident following a review panel’s investigation, which identified lapses in processes and communication between the Accounting and Corporate Regulatory Authority (ACRA) and the Ministry of Digital Development and Information (MDDI).

On 3 March, the government released the review panel’s report, which concluded that the unmasking of NRIC numbers on ACRA’s Bizfile portal was due to miscommunication and coordination lapses, with no deliberate wrongdoing.

However, the report highlighted several shortcomings on the part of ACRA and MDDI.

In response, the government has pledged to implement corrective measures to prevent similar incidents in the future.

Poa from Progress Singapore Party (PSP) highlighted that the review panel’s report revealed that the vendor, rather than ACRA, appointed the independent security reviewer and submitted the report on its own product.

She raised concerns about the potential for abuse in this process.

She also questioned why ACRA prioritised compliance with the July circular over its obligations underthe Government’s internal code, called IM8, and the Public Sector (Governance) Act (PSGA) and whether clearer guidelines should be introduced to help public sector agencies navigate such conflicts.

Poa Questions Policy on Masked NRICs and Calls for Direct Discussions

Poa further suggested that direct discussions, rather than emails, might have prevented misinterpretations.

Additionally, she argued that the issue stemmed from the initial policy restricting full NRIC collection, which led to the creation of masked NRIC numbers and a false sense of security.

She asked if the government had reviewed this policy and what lessons had been learned.

SM Teo Dismisses Compliance Conflict, Stresses Balance in ACRA’s Role

In response, SM Teo Chee Hean reiterated that the government aims to phase out the use of NRIC numbers as authenticators and reduce reliance on partial NRICs, as they still pose security risks.

SM Teo disagreed that ACRA faced a conflict in complying with the July circular, IM8, and PSGA but acknowledged the need to strike a balance.

He emphasised that ACRA’s role is to maintain a corporate registry that promotes transparency while safeguarding personal data.

While he believed ACRA had considered this balance, he noted that it did not fully grasp the implications of its decisions.

This lack of full appreciation, he suggested, contributed to the issue.

Teo also highlighted the importance of clear communication to prevent misunderstandings in regulatory compliance.

Regarding communication, Teo agreed in principle that conversations would be helpful but pointed out that emails allow for quick communication, whereas setting up meetings could take more time.

However, he emphasised that the core issue was not the mode of communication but the differing interpretations of directives that were left unresolved, ultimately leading to the incident.

Notice: We now publish our news at The Online Citizen and Heidoh.

Follow us on WhatsApp

Follow us on Telegram