Mr. Tim Duggan:

It is not the case that the card has a fraud focus. There is too much emphasis on the card. The issue is verifying identity to a substantial level of assurance. We have established processes to do that. The card is a side effect of that. It is a token to say a person has gone through that process and successfully verified their identity to a substantial level of assurance. No one has to get one but we do automatically issue it to a person as a token of proof that they have verified their identity to a substantial level of assurance. The difficulty for a person who does not have one is how to prove to other public bodies, or to us when they come into another of our offices, that they have done it. We would have to check through the system to make sure they had verified their identity to a substantial level of assurance. It is the same as when a person passes a driving test and gets a certificate of competence but if they are not issued with a licence how can a garda check the person passed the test? It is of that nature. We issue a token to prove the identity has been verified in accordance with the law. That is all the card is. The Minister is quoted as saying a person can take it home and put it in a drawer and she is absolutely correct. The difficulty, however, for the person is that they must needlessly go through some form of identity verification process if they choose not to use the card. That is the big issue.

Fraud is also a side effect. It is a question of making sure we are dealing with the right people, that when somebody presents we know who they are, we give them the right service and payments and no one else can pretend to be them and take their entitlement. I think Joe Duffy highlighted an issue about treatment benefit where a lady had been impersonated and the impersonator got the treatment benefit but as a consequence the first lady did not. We are trying to protect against incidents like that. This is a good side effect in that anyone trying to perpetrate identity fraud is highly unlikely to get through this process and it will be very difficult to perpetrate such frauds in the future.

The Data Protection Commissioner has set out in correspondence with the committee precisely what she is doing in her audit. The Senator mentioned some of these actions. She is examining the legal basis for processing data in connection with the public services card; considering the appropriateness of the technology and organisational measures we have employed in respect of security and other personal data processing operations; and examining the transparency of information provided to data subjects or customers in respect of the processing of personal data and she is doing that in respect of the public service identity dataset, the public services card, the single customer view and MyGovId. She hopes to conclude the initial phase next month and the second phase probably in May or June.

Somebody asked whether she had pushed it out because she had greater concerns or had looked for more information. The answer is no. We furnished the responses to her initial set of questions to the Department in early December. They were very comprehensive detailed responses. The main response ran to just under 100 pages and there were a load of documents and records associated with that which were also furnished to the Data Protection Commissioner's office. It is a lot of information. I suspect, given the pressures of work in other areas and the amount of information on this, it is taking longer than originally envisaged. The commissioner has not told us why she is extending the timeline a little but we are not concerned about it. We think it is for normal pressure of business reasons.

To date, as of this morning, 3.14 million public services cards have been issued. That represents approximately 2.65 million people. There are more cards than people for a bunch of reasons. First, people's entitlements change. A person who got it when they were younger than 18 years would automatically be issued with a new one when they pass 18. Anyone who was younger than 66 years would get a new one after that because of the free travel entitlement. Some people have lost or damaged cards and got new ones. Some have expired because the original cards were five year cards. Approximately three quarters of the adult population of the country have cards.

The figures for the cost go up to slightly earlier than end December 2017, to the time we finished producing 3 million cards as part of our contract. It was €55.7 million for everything, including the cards, the staff and a bunch of miscellaneous costs associated with systems development. I can break that down if the Deputy wants me to. The Comptroller and Auditor General estimated the cost at €59.7 million. The staff costs alone are in the region of €29 million because there have to be so many people on the ground for identity verification. That contract for the production of cards concluded at the end of 2017. We need to put a new contract in place.

I refer to second generation because there have been developments in card technology since we went out to market originally, therefore the next generation of public services cards will be slightly different to the current generation to reflect those advances in technology. We are in the process of doing that at the moment, and as a consequence the contract with BCS, the original card producer, was extended under European law for a further year. There is no volume commitment in the extended contract; it simply gives us the facility to produce first generation cards as we need them until a new contract is in place.

Deputy Brady asked about the Data Protection Commissioner and the responses to the 47 questions that she issued to the Department back in September. We produced a comprehensive guide, which is an amalgam of a number of things. It covers all of the questions the Data Protection Commissioner asked plus many of the issues that we felt were arising in the media and political coverage of the project at the time. As a consequence we put that comprehensive guide together. We furnished it to the Data Protection Commissioner in October of last year, and we have not heard whether she has any difficulty with any of the responses provided in that guide since.