Data protection tops agenda at NIDS talks
Published:Thursday | February 25, 2021 | 12:07 AM
Senior legal counsel at the Bank of Jamaica (BOJ), Celeste McCalla, is urging a joint select committee of Parliament now examining the National Identification and Registration Act, 2020, to ensure that there is a robust legislative framework to protect private data.
The new proposed National Identification System (NIDS) law allows for voluntary registration as opposed to its predecessor law, which was mandatory. The Supreme Court ruled as unconstitutional the previous law.
Public interest in the legislation heightened since last Thursday when vulnerabilities were flagged in JAMCOVID, an unrelated database of travellers’ data.
In the central bank’s submission to the committee on Tuesday, McCalla suggested that the bill be reviewed to provide for stronger measures to ensure that the information collected was protected.
“What is expected of the authorities to ensure that the information will be properly protected when it is collected by that entity and what measures will be in place for the protection of such information? We didn’t see it in the bill,” the BOJ’s senior attorney observed.
She said it would be useful if there was appropriate wording in the draft law to give Jamaicans the assurance that these matters were being addressed.
The legal team from the NIDS Secretariat, which is providing technical support for the committee, pointed to Section 23 of the proposed law that addressed McCalla’s concerns.
Section 23 said that the National Identification and Registration Authority (NIRA) shall ensure that the information stored in the national databases is kept in a secure manner and that confidentiality is preserved.
PROTECTING INFORMATION
It said that the authority shall take all necessary and appropriate measures (including technical and manual security measures) to protect the information from unauthorised access, unauthorised use, unauthorised disclosure, and any loss or distortion.
The central bank’s legal counsel also suggested that lawmakers tweak a provision in the bill that refers to the objective of preventing identity theft and other instances of fraud with respect to identify information.
She said that the word ‘preventing’ should be replaced with ‘minimising’ identity theft and other instances of fraud, as there was no guarantee that the proposed framework could absolutely stop crimes from occurring.
Attorneys from the Office of the Chief Parliamentary Counsel said the word ‘preventing’ was used deliberately in order to be consistent with the language set out in the Data Protection Act.
Chairman of the committee, Delroy Chuck, noted that the objective of the law was to prevent.
Committee member Attorney General Marlene Malahoo Forte asked the NIDS Secretariat to provide an example of what steps would be taken to prevent identity theft.
NIDS Project Director Warren Vernon said that the steps being proposed to prevent identity theft were to “tie someone’s biometric to their birth certificate record”.
“I understand the context coming from BOJ that even though the objective is to prevent identity theft and we are taking all of the necessary action to prevent identity theft, there would always be risk because you have a human factor,” Vernon said.