Erasing Data for Cancelled Enrolments

Erase as much data as possible from cancelled enrolments, and ensure the public knows this data will never be completely erased.

The Bill should limit what data is permanently kept when an enrolment is cancelled. Some of the data connected with an enrolment can never be erased. The Authority needs to keep this data to ensure that the same NIDS number cannot be issued to more than one person. The Bill should also ensure that the public is clearly informed of how their data may be kept and used even when their enrolments are cancelled.

What This Could Look Like in Real Life

01. Claude’s Unnecessary Data Risk

A few years after the launch of NIDS, the government announces that the information held by the Authority can now be used in new ways. Claude is uncomfortable with this, so he cancels his NIDS enrolment.

Based on the current bill draft and the Data Protection Act, the Authority can still keep, use and share his data, even though his enrolment is cancelled.

It is best practice to keep as little data as possible, since breaches can still happen even with the best security tools in place. Without this best practice, most of Claude’s data is unnecessarily at risk of being misused or leaked.

[Relevant Section of NIRA 2020 // Section 14 ]

Details

If a person’s NIDS enrolment is cancelled, the current Bill states that their identity data will be “purged” after a specified period of time. This means that the data will be removed from the National Identity Databases, and a copy of it will be put into long term storage. Neither this Bill nor the Data Protection Act stops this data from still being used.

The main advantage of NIDS is having one and only one NIDS number for each enrollee. To achieve this, the Authority has to keep and use some identity data from cancelled enrolments. That way they can ensure that if a person re-enrols, they are given the same number.

Because sharing identity data can be risky, people need to be able to make properly informed decisions about sharing their data: they should know which of their data will be kept, for how long, and how it will be used. Organisations that collect personal data should also collect and keep as little data as possible, to reduce the risk of data leaks or misuse.

Recommendations

If a person’s NIDS enrolment is cancelled, all their identity data won’t necessarily be erased. Change Section 10(2) of the Bill, so that the Authority is required to tell people about this in a clear way.
If an enrolment is cancelled, the Bill should require that the only data that is kept is the identity data needed to ensure that one and only one NIDS number is ever given to each person who enrols.
If an enrolment is cancelled, the Bill should limit the Authority’s ability to use, report on or carry out verification services on the remaining identity data.

Status: Pending

Watch this space! We will provide an update once the Joint Select Committee has made a decision on this issue.

Last updated 2021-05-27

Talk Up!

If this issue matters to you, talk about it. Share this page (and your questions or suggestions) with friends or government representatives.

Comments, Questions?

Is there something we overlooked with this issue?
Have questions? Let us know!