A growing problem inside Singapore's digital infrastructure is affecting thousands of residents who have no idea it exists. Duplicate image files — identical or near-identical photographs, scans, and identity documents stored multiple times across databases — are slowing down processing systems at agencies and private firms, triggering false rejections of valid applications, and in some cases causing personal data to be matched against the wrong profile entirely.
The issue has moved from a technical nuisance to a genuine community concern as Singapore pushes deeper into e-government services. More residents now submit housing applications, medical referrals, insurance claims, and CPF top-up requests entirely online, uploading photographs and scanned documents each time. Without robust deduplication protocols, the same image can be stored dozens of times across separate arms of the same agency, inflating storage costs and, more critically, muddying the audit trails that determine whether a transaction is approved or flagged.
Where the Problem Shows Up in Daily Life
At the Housing Development Board's e-Application portal, residents applying for Build-To-Order flats upload NRIC scans, income documents, and passport photographs. When applicants resubmit after a failed attempt — or when a joint application creates parallel records for two applicants who share documents — duplicate images accumulate in the system. Processing staff at HDB's Toa Payoh headquarters and the satellite service centres in Woodlands and Tampines have to reconcile these records manually, a step that adds days to timelines already stretched by high demand.
The Central Provident Fund Board faces a similar challenge across its MediShield Life claims and retirement account portals. A photograph submitted for an initial SingPass facial verification may be stored again when the same user logs into CPF Online Services and again when they access HealthHub — three separate copies of the same image held by agencies under the Smart Nation umbrella, with no single point of reconciliation. The Personal Data Protection Commission has noted that unnecessary data duplication increases the surface area for breaches, a concern that is not merely theoretical after the SingHealth cyberattack of July 2018 affected records of 1.5 million patients.
Commercial operators are not insulated. Property agencies along Orchard Road and in the Marina Bay Financial Centre district that use digital onboarding platforms have reported that know-your-customer verification systems reject legitimate clients because a previously uploaded identification photograph is flagged as a duplicate of an existing record belonging to a different person — a false positive generated when two images share enough pixel-level similarity to trip an automated filter.
What Needs to Happen, and When
The Government Technology Agency, which manages the Singpass app and the National Digital Identity framework, has been rolling out improvements to its backend image-matching architecture since late 2024. The agency's Digital Government Blueprint, updated in 2023, committed to reducing redundant data storage across whole-of-government systems, though the specific target for image deduplication was not publicly specified in that document.
For residents, the practical advice is straightforward. Before submitting any digital application — whether to HDB, CPF, IRAS, or a licensed financial institution — use a single, consistent, recently taken photograph across all platforms. File names matter: systems that sort by metadata can treat a renamed copy of an existing image as a unique file, creating exactly the duplication the filters are supposed to catch. Where a portal offers a SingPass Face Verification login instead of a manual image upload, use it. The centralised biometric stored under the National Digital Identity framework is deduplicated at source.
Residents who suspect a duplicate-image error has caused their application to stall can raise the matter through the Moments of Life app or call the Singpass helpline at 6335-3533. Complaints that touch on personal data handling — including records that appear to have been merged with another person's — should be directed to the Personal Data Protection Commission, which accepts formal reports through its website at pdpc.gov.sg. Processing timelines at PDPC for data accuracy complaints currently run at roughly 30 working days from acknowledgement to a substantive response.