SINGAPORE, Feb. 2 -- Singapore's privacy regulator has given private organisations until December 31 to stop relying on full NRIC numbers as a way to verify users' identities, a move it says is necessary to cut the risk of unauthorised access to personal data, according to a report by CNA.

The Personal Data Protection Commission (PDPC) said today that tougher enforcement will take effect from January 1, 2027, warning that organisations could face financial penalties if they continue to use NRIC numbers - whether in full or in part - as passwords or authentication factors.

"Organisations that use NRIC numbers for authentication to access personal data may be found to have breached the Personal Data Protection Act (PDPA) for failing to ma...