People will have to give explicit permission for the government
to access their personal details held on various databases before
they can get a
national identity card, ID card minister
Meg Hillier told MPs this week.
Hillier was giving evidence to the House of Commons'
Home Affairs select committee on the security arrangements for
the controversial national identity
register and associated national identity card.
There would be two databases, one for biometric data
(fingerprints, facial images and possibly later, iris scans) and
biographic data (name, address history, National Insurance number
etc), Hillier said.
A Home Office spokesman said that when a person applies for an
ID card, any information to be recorded in the National Identity
Register will be checked against a number of public or private
sector data sources to help verify the person's identity. "This
will build on existing best practice in processing passport
applications," he said.
Just over a year ago the
government dropped plans to build the NIR from scratch. It
opted to use Immigration computer systems to store biometric data
and the Department of Work & Pension's National Insurance
database to store biographic data.
Hillier said fewer than 100 people will have access to the
entire dataset of a NIR record. Each access to a record would have
an audit trail, and access to some data fields in the record would
require two simultaneous authenticated and credentialed users.
All transfers of data would be encrypted, she said. "There will
be no discs flying around (with unencrypted data on them)," she
said. This was a reference to the
loss by HM Revenue & Customs last year of two compact discs
containing the personal and banking details of 25 million child
benefit claimants. Hillier admitted that the incident had "dented"
people's confidence in the government's ability to protect
sensitive personal data.
Hillier said she expected most external use of the NIR would be
to confirm that a person's identity was registered. Very rarely,
and then only to agencies IPS audited for security, would further
details be given, she said.
People would be entitled to ask the "identity custodian" who had
looked at their records, she said. There were no plans to follow
committee chairman Keith Vaz's suggestion that IPS provide a
"Google Alert" to warn people when someone looked up their
data.
She said people don't expect the credit vetting agencies to tell
them when someone checks up on them, nor did the Passport Office
when someone verified a passport's validity. IPS was taking the
same approach.
Duncan Hine, who is in charge of security arrangements for the
NIR and ID card, said security on the biometric database would be
the highest possible and certified by government, but security
around the biographic data would be less stringent.
Hillier said that the
procurement process now underway should be completed by the end
of the year with roll-out of ID cards starting early in 2009.