Written answers

Tuesday, 20 February 2018

Department of Employment Affairs and Social Protection

Data Protection

Tommy Broughan (Dublin Bay North, Independent)

100. To ask the Minister for Employment Affairs and Social Protection the measures she has taken to address concerns outlined at a meeting (details supplied) regarding security; and if she will make a statement on the matter. [8300/18]

Mick Wallace (Wexford, Independent)

101. To ask the Minister for Employment Affairs and Social Protection the person or body that is the data controller for the public services card and attendant database; the way in which this information affects her Department in relation to the public services card and single customer view; and if she will make a statement on the matter. [8445/18]

Regina Doherty (Meath East, Fine Gael)

I propose to take Questions Nos. 100 and 101 together.

I am assuming that the Deputy is referring to security of the data relating to the Public Services Card.

The purpose of the Public Services Card (PSC) is to enable individuals to gain access to public services more efficiently and with a minimum of duplication of effort, while at the same time preserving their privacy to the maximum extent possible. A PSC is issued once a person successfully completes a SAFE2 identity verification, i.e., has their identity verified to a substantial level of assurance.

Section 263 of the Social Welfare Consolidation Act (as amended) provides that:

(a) the following information is inscribed on the Public Services Card (PSC): forename, surname, Personal Public Service (PPS) Number, photograph, signature, card issue number and expiry date; and

(b) the following information is encoded on the chip of the PSC: forename, surname, date of birth, place of birth, sex, nationality, former surnames (if any), mother’s former surnames (if any), photograph, signature, issue number of the PSC, and expiry date of the PSC.

The above data (apart from the issue number and expiry date of the PSC) is part of the Public Service Identity (PSI) dataset as set out in section 262 of the Social Welfare Consolidation Act 2005 (as amended). Section 262 also sets out how the sharing and use of the PSI data is restricted to public service bodies specified in law or their agents. Designation as a specified body requires primary legislation and as such can only be done by an Act of the Oireachtas. I am not aware of any plans to specify any additional bodies.

Section 262 also provides that PSI data can only be used by a specified body for authenticating the identity of an individual with whom it has a transaction and in performing its public functions insofar as those functions relate to the person concerned. In addition, where a specified body collects any element of PSI data from a person, that information shall also be collected for the purpose of maintaining the person’s public service identity. Additional cover is provided by the Data Protection Acts as amended, Subsection 1 c iii of Section 2A, where personal data may be processed providing “the processing is necessary for the performance of a function of the Government or a Minister of the Government”.

The PSI data set is stored in enterprise class databases maintained in the Department’s secure data centres. The Department is committed to ensuring that customers’ personal data is securely held and used only for business purposes. Access to the dataset is restricted to those members of staff who have a business need to reference the data and all accesses to the data are logged. All members of staff must, on an annual basis, sign undertakings that they have read, and will act in accordance with, data protection policies and guidelines. Failure to comply with these simple rules could leave them exposed to potentially serious allegations. Where such allegations are substantiated, staff could face disciplinary action (including possible dismissal) and potential legal action including possible claim for compensation for distress/damage caused to the customer.

The Department ensures oversight in relation to data protection by keeping records of data accesses which are then subject to audit. Twenty-eight security audits have been undertaken within the last five years, twenty-two of these are completed, and six are in progress. Three Penetration tests, two Privacy Impact Assessments, and a Risk Assessment of the IS environment were also carried out during this timeframe.

The PSI data set is also stored by the Department of Public Expenditure and Reform as part of the Single Customer View. This system brings identity data together from a number of public bodies. The Single Customer View database is stored in a secure government data centre. Access to the data is tightly controlled and restricted to the government network. All data access is logged and regularly audited.

The Secretary General of the Department of Employment Affairs and Social Protection, Aras Mhic Diarmada, Store Street, Dublin 1 is the Data Controller for the PSI dataset held by the Department including the Single Customer View. As required under Section 16 of the Data Protection Acts 1988 and 2003 these details are listed on the Register maintained by the Data Protection Commissioner.

Separately each specified body that collects or holds PSI data elements is the data controller in respect of their holding of the data on their own systems or databases.

The PSC is produced in Ireland by an Irish-registered company called BCS. It was a condition of the award of contract that all data and related services provision and operation be provided on-site in Ireland and subject to the jurisdiction of the Irish courts. Once PSCs are personalised (i.e., the data is put on the card), the data used to personalise them is not retained by BCS but is destroyed as an automatic part of the personalisation process in accordance with advice provided by the Office of the Data Protection Commissioner. In addition the systems used in the card production have been subjected to audit by external experts.

The PSC itself has multiple protection mechanisms, all of the highest current international standards, to prevent and detect tampering with the physical card and its contents. As well as some hidden security features, there are visual measures such as the overall graphical design, branding, microprinting, the use of optical variable ink and a kinegram.

In addition, a PSC and a card reader communicate with each other by cryptographic means. Only card readers specifically programmed to accept PSCs can undertake this functionality.

I hope this clarifies matters for the Deputies.
