Citizens are again being assured that their personal information will be safe under the National Identification System (NIDS).
This assurance comes from Minister without Portfolio in the Office of the Prime Minister, Hon. Floyd Green, who said that the Government is taking every step to comply with international standards and best practices for data security and privacy.
“The Government has engaged the Estonians to work with the Project Executing Unit to develop all the security policies and standards for the NIDS. These standards will be adopted and implemented by the National Identification and Registration Authority (NIRA) during the pilot of NIDS,” he said.
The Minister was giving an update on the NIDS project during his contribution to the 2022/23 Sectoral Debate in the House of Representatives on Tuesday (May 24).
He noted that a Jamaican cybersecurity firm has also been engaged to participate in the “hardening” of the National Identification System, which will work concurrently with international security experts.
Minister Green said that the NIDS databases are encrypted by transparent data encryption in fulfilling the requirements outlined in the National Identification and Registration Act (2021).
He explained that transparent data encryption secures the information within the database’s physical files, so that once an individual’s data is entered into the system, it is shielded so “somebody just can’t go and look and see it”.
“We are ensuring that the audit trails of the system will be protected using blockchain technology. What it means, is that if there is unauthorised access or unauthorised use, there will be a record that cannot be deleted by NIRA’s officers. This is a new era of transparency. This is new for Jamaica, and this is good for building public trust and ensuring that we think digital,” he said.
Importantly, Minister Green informed that the provision of information on a person’s identity will not be at the discretion of NIRA officers.
“The verification of identity is at the individual’s request or an accredited third party with the individual’s consent… . Other than those ways, it cannot be accessed… unless by court order,” he pointed out.
Mr. Green noted that NIRA, which will be responsible for the administration of NIDS, must register and be monitored as a data controller under the Data Protection Act, and as such, NIRA and its officers are accountable under the Act and must comply with data privacy and security.
“This is the first time in our history that we have built in a double oversight mechanism. So, under the Data Protection Act, the Information Commissioner, who was appointed in December 2021 will provide practical monitoring of NIDS relating to data protection and privacy,” he said.
Minister Green informed that the next layer of data protection is the establishment of an independent oversight body, the National Identification and Registration Inspectorate, which will be mandated to monitor the Authority’s compliance with the NIDS law and to report its findings directly to Parliament.
“The Inspectorate will be empowered to take action independently or to bring to the attention of the appropriate regulatory/disciplinary body, where it is found that the Authority or its employees, have violated the enabling legislation.
Minister Green stressed that the Government has ensured that all reasonable steps were taken in keeping with best practices worldwide to ensure citizen’s data is protected.
“[NIDS] will have the Prime Minister’s information; it will have all of our information; it will have our children’s information. So, we have gone to the full extent to ensure that it is safe,” he said.
Personal Information Safe Under NIDS