Wednesday, 20 September 2017
Ceisteanna - Questions (Resumed) - Priority Questions
Public Services Card
32. To ask the Minister for Employment Affairs and Social Protection her plans to extend the scope of the public services card; the measures currently in place to ensure data protection and confidentiality; and if she will make a statement on the matter. [39693/17]
I am aware that there are 2.7 million public services cards in circulation but as the Minister is aware, concerns have been expressed recently about plans to extend the scope of the public service card and about how confidentiality of the information contained on the card can be maintained.
The purpose of the public services card, PSC, is to enable individuals to gain access to public services more efficiently and with a minimal duplication of effort, while at the same time preserving their privacy to the maximum extent possible. The purpose of SAFE 2 registration, underpinned by legislation, is to verify a person's identity to a substantial level of assurance. Once identity is verified, a public services card can be issued. My Department makes it clear to our customers that they need to complete a SAFE 2 registration to access, or continue to access, payments and entitlements. This is not an unreasonable condition given the value of payments made to customers and the overwhelming majority of customers have no difficulty in completing the process. I have no plans at this time to introduce any changes to the PSC other than those which are contained in the Social Welfare, Pensions and Civil Registration Bill 2017 which is coming before the House in an hour's time.
As part of the Department's commitment to ensuring data protection and confidentiality, all customer data is stored in its secure data centres which are subjected to regular security tests. Access to the data is restricted to those who have a business need.
All such accesses are logged and audited. All staff must, on an annual basis, sign undertakings that they will act in accordance with data protection policies and guidelines. Substantiated allegations of breaches of these policies could result in disciplinary action, including possible dismissal, legal action and possible claims for compensation by a customer.
The PSC is produced in a secure facility in Ireland and the data to produce it is immediately destroyed on card production, in accordance with the advice of the Office of the Data Protection Commissioner. The systems used in the card production are subjected to audit by external experts.
Does the Minister accept that concerns have been raised and that they are legitimate? They have been raised by ordinary citizens, by the Data Protection Commissioner and her predecessor, by distinguished information technology lawyers who say that clear information is needed on what data has been collected, the purpose of the data and who exactly will have access to it. Is the Minister aware of the statement by the Data Protection Commissioner on 30 August last that there must be clarity regarding the mandatory use of the PSC in accessing certain public services? What will the Minister do to bring that about? If the Data Protection Commissioner made this complaint on 30 August it is clear that she is not satisfied with the situation in place.
The Deputy is right, several eminent people, none less so than the Data Protection Commissioner, legal experts and normal citizens have expressed concerns arising from statements made over the summer. The Data Protection Commissioner has asked for several things to be clarified. Staff from my office met with her and we are in the process of clarifying those issues. I do take on board that if there is ambiguity about why the card is issued, where the legislation came from, what public services it will entitle someone to access, what other Departments the legislation allows my Department share that information with, we are very willing to run the publicity campaign we ran some years ago again. I certainly did not help the situation during the summer with my description of the card as a requirement to access public services but it is a requirement to access public services in the Department Employment Affairs and Social Protection. It has become a requirement for other Departments. I will certainly address the 49 questions the Data Protection Commissioner sent to our office. That process started with a meeting between the Secretary General and the commissioner and we will respond in writing and publish the statement then.
When does the Minister envisage that this information will be published? The Department has got the questions from the Data Protection Commissioner and I presume it envisages issuing answers to those questions. What is the approximate timescale within which that will be done?