Earlier this week, many Singaporeans were shocked to discover that personal information, including NRIC numbers they assumed were private and confidential, could be easily accessed through ACRA’s Bizfile platform.
The revelation, quickly confirmed by the government, ignited widespread concern over privacy and data security. In response to public outcry, the search function on Bizfile was temporarily disabled, and ACRA has since assured the public that when the search feature is reinstated next week, NRIC numbers will no longer be visible.
However, this issue may come across as less of a surprise for business owners in Singapore.
This is because companies’ directors, shareholders and secretaries are likely already aware that some of their personal information is already available on their companies’ business profiles, which anyone can purchase from ACRA. This profile includes not only information about the business itself but also personal details of key stakeholders. These include their names, NRIC and even home addresses.
While transparency is critical for fostering trust and accountability in the business environment, the public availability of such sensitive information has raised valid concerns about privacy and security.
Corporate Transparency – But At What (Or Whose) Cost?
Without delving too deeply into why the personal details of directors, shareholders, and secretaries must be publicly accessible, the principle of corporate transparency is simple: it allows businesses to verify who they are dealing with and access key details about companies they might want to collaborate with.
This is why such business profiles are made available for purchase through platforms like ACRA. Charging a fee helps deter casual misuse by bad actors, though it’s essential to acknowledge that this does not eliminate the risks of data exploitation.
Any online information is inherently vulnerable to exposure in today’s internet-driven world.
As an editor at DollarsAndSense, I am keenly aware of this reality. My name, job title, email address and even mobile number are readily available in media databases, which can be accessed for a fee or subscription. This likely explains why we sometimes get unsolicited calls from PR people hoping to contact us for a story we are not interested in covering.
While it can be annoying, the truth is that these personal details of mine and many others can still be accessed at a fee by whoever is willing to pay for it.
Your Personal Information Is Not Private Information
The best way to think about it is that personal information isn’t always private. For example, your mobile number is undoubtedly personal—you wouldn’t share it with just anyone or post it publicly on Facebook.
However, assuming your mobile number is as private as other sensitive details such as your payslip would be naïve. Similarly, while your home address is personal, it’s often shared with delivery and other service personnel. It’s personal, yes, but not entirely private.
This distinction highlights the importance of treating such information with caution.
For instance, no one in their right mind would use their mobile number, home address, or date of birth as their password—because these details, while personal, are still accessible to others in some capacity. Understanding this difference can help us better protect ourselves in a world where personal information is increasingly visible.
Where The Authorities Made A Mistake
This is where I believe the authorities have made a misstep. Just because a piece of information isn’t entirely private doesn’t mean it should be public and easily accessible. It’s like saying that since many scammers probably already have our mobile numbers, it’s okay for those numbers to be accessible to everyone. That logic doesn’t hold.
For business owners in Singapore, this saga serves as an important reminder to stay vigilant about personal information that we know is already available in the public domain and, if required, to enhance our privacy and personal security. Whether it’s our name, NRIC, home addresses, or our own businesses, none of these are truly private. The assumption we should have is that anyone determined enough can access this information, and we must not rely on it being hidden to ensure our safety.
Instead, we need to proactively implement measures to protect ourselves, such as using secure passwords, avoiding the use of easily accessible details in verification processes, and staying alert to potential misuse of this publicly available data.
Read Also: Changes To PDPA: Situations When Companies Are Allowed To Collect Or Disclose Data
Subscribe To The DollarsAndSense Business Pass
Enjoy what you are reading and want more? Join The DollarsAndSense Business Pass and unlock access to valuable tools, exclusive networking opportunities, and tap into the wisdom of industry experts to fuel your business expansion!
