Thu | Jun 30, 2022

Green backs NIDS security defence

Published:Wednesday | May 25, 2022 | 12:14 AM
Minister without Portfolio Floyd Green (right) and Prime Minister Andrew Holness unveil a mock-up of the National Identification System card during Green’s contribution to the Sectoral Debate in Parliament on Tuesday.
Minister without Portfolio Floyd Green (right) and Prime Minister Andrew Holness unveil a mock-up of the National Identification System card during Green’s contribution to the Sectoral Debate in Parliament on Tuesday.

The Government has sought the assistance of Estonians to develop security standards and policies required by law for the roll-out of the National Identification System (NIDS).

A local cybersecurity firm has also been contracted to work concurrently with other international security experts amid raging debate about data security and the handling of sensitive information collected through NIDS, including fingerprints.

The firm was not named.

Minister without Portfolio Floyd Green made the announcement during his Sectoral Debate presentation in Parliament on Tuesday.

He said that the security standards developed by the Europeans and cybersecurity firm will be adopted in keeping with ISO27001, which is the international standard for information security that sets out the specification for an information security management system.

The NIDS databases are encrypted by transparent data encryption, Green noted, and fulfil the requirements outlined in the National Identification and Registration Act 2021.

He said transparent data encryption encodes the data within files, and the audit trails of the system will be protected using blockchain technology.

“What it means is if there is unauthorised access or unauthorised use, there will be a record that cannot be deleted by NIRA’s (National Identification Registration Authority) officers,” the minister said.

“This is a new era of transparency. This is new for Jamaica and can only be good for building public trust,” he added.

NIRA’s officers cannot use discretion, Green said, as the requests for information or for the authentication and verification services must come from the individual whose information is being sought or an accredited third-party consented by the individual.

Information cannot be accessed otherwise unless it is by order of the court.

“We have not stopped there, the National Identification System and NIRA have a built-in double oversight mechanism. Under the Data Protection Act, the information commissioner, appointed in late 2021, will provide practical monitoring of the NIDS relating to data protection and privacy,” said Green.

He said the next layer of protection includes an independent oversight body – National Identification and Registration Inspectorate – which will be mandated to monitor the authority’s compliance with the NIDS law and report its findings directly to Parliament.

The inspectorate will also be empowered to take action independently or bring to the attention of the appropriate regulatory or disciplinary body where it is found that the authority or its employees have violated legislation.

This will be undertaken by the Electoral Commission of Jamaica, an entity with a proven track record of accountability, transparency, and effectiveness, Green asserted.

“So when I say it is safe, we have taken all reasonable steps in keeping with the realities of the world we operate in and the best practices around to ensure that the prime minister’s personal data, my data, your data, the leader of the Opposition’s data, and all the identification data of our children are protected,” he insisted.

kimone.francis@gleanerjm.com