December 12, 2004
S(1) 9 Records of provision of information
Records of provision of information
9 The following may be recorded in the entry in the Register for an individual
(a) particulars of every occasion on which information contained in the individual’s entry has been provided to a person;
(b) particulars of every person to whom such information has been provided on such an occasion;
(c) other particulars, in relation to each such occasion, of the provision of the information.
Posted by wtwu at December 12, 2004 01:30 PM
Comments
The registered person must have free access to the full audit trail.
How else is Identity Theft or Racial Harassment via excessive demands to show ID Cards or via Biometric checks meant to be detected otherwise?
cf. oral evidence to the Home Affairs Committee by Jan Berry, of the Police Federation, on 10th February 2004
http://www.publications.parliament.uk/pa/cm200304/cmselect/cmhaff/uc130-iii/uc13002.htm
This full audit trail must also be available to the heirs of a deceased registered person in order to use as evidence in any probate disputes or legal court cases.
The full audit trail must be available to the National Identity Register Commissioner.
This full audit trail is extremely sensitive personal data, since it could easily reveal medical data e.g. time and attendance at a specialised AIDS, or cancer, or pregnancy clinic, time spent in prison etc.
RECOMMENDATION:
Allow a registered person free access to the full audit trail of the pattern of usage of their own ID Card and each and every use and modification of their National Identity Register entry by officialdom or the licensed private sector.
Prohibit any access to NIR audit trail transactions by petty officials or private sector sub-contractors, which might reveal time and attendance visits to specialised medical clinics, prisons etc.
Posted by: wtwu at December 17, 2004 08:23 PM
Database trawling or bulk transfers of this full audit trail should only be allowed for (encrypted) data backup purposes, and not for speculative database trawling.
There should be an independent audit trail of any such data backups, identifying who is personally responsible for them.
Posted by: wtwu at December 17, 2004 08:29 PM
Any accesses of a person's National Identity Register data by automated systems also need to be clearly identified in the audit trail, and who exactly authorised these must be available to the individual, so that they can guard against Identity Theft and have any errors or omissions rectified (for free).
Posted by: wtwu at December 17, 2004 08:53 PM
For the process to have clarity, every person who asks for the card holder's identity should simultaneously provide their own identity card. In order to fulfil s(1)9b a request must be from a person who can prove they are both the person that they claim to be and a person entitled to request the information.
This would require any card readers to be dual card readers.
This would impose an obligation on any organisation (for example any non UK immigration or border control service) that might not be sustainable.
Posted by: mrt at November 25, 2005 01:47 PM