Frequently asked questions
sgID exists as a module in the Singpass mobile app. sgID login uses a different protocol from the usual Singpass login. The sgID protocol is end-to-end encrypted which means that the government cannot see which businesses or government agencies you're communicating with, and what data you're sending to them.
You can see a full detailed list of data fields that are currently available via sgID in our Data Catalog.
We are in the process of adding more data fields to sgID, so please let us know if there are any particular data fields that you would like to see in sgID via this contact form!
sgID will also support third-party data sources in the future, so if there is a data source which you would like to access, please let us know via this contact form!
Yes. The PDPA requires businesses to be compliant with clauses by 1 September 2019, surrounding consent obligation, purpose limitation obligation, and notification obligation, all of which are built into sgID.
Please visit the PDPC site for more information on the legislation, guidelines, exemption, and enforcement of the PDPA.
The user data that sgID clients receive are encrypted with a block key, which is in turn encrypted with the public key associated with that client.
To access the data in plaintext, clients will need to:
- 1.Decrypt the encrypted block key with their own private key to receive the block key
- 2.Use the block key to decrypt the encrypted user data
You can learn more about how to do this in the Custom Integration section on decrypting the userinfo payload.