Erasing Data for Cancelled Enrolments

Erase as much data as possible from cancelled enrolments, and ensure the public knows this data will never be completely erased.

The Bill should limit what data is permanently kept when an enrolment is cancelled. Some of the data connected with an enrolment can never be erased. The Authority needs to keep this data to ensure that the same NIDS number cannot be issued to more than one person. The Bill should also ensure that the public is clearly informed of how their data may be kept and used even when their enrolments are cancelled.

What This Could Look Like in Real Life

These are examples of what the NIDS Bill allows. These examples may not necessarily reflect the intention of the Bill, but are possible based on how the Bill was worded when it was tabled in 2020.

Details

If a person’s NIDS enrolment is cancelled, the current Bill states that their identity data will be “purged” after a specified period of time. This means that the data will be removed from the National Identity Databases, and a copy of it will be put into long term storage. Neither this Bill nor the Data Protection Act stops this data from still being used.    

 

The main advantage of NIDS is having one and only one NIDS number for each enrollee. To achieve this, the Authority has to keep and use some identity data from cancelled enrolments. That way they can ensure that if a person re-enrols, they are given the same number.

 

Because sharing identity data can be risky, people need to be able to make properly informed decisions about sharing their data: they should know which of their data will be kept, for how long, and how it will be used. Organisations that collect personal data should also collect and keep as little data as possible, to reduce the risk of data leaks or misuse.

Recommendations

  • If a person’s NIDS enrolment is cancelled, all their identity data won’t necessarily be erased. Change Section 10(2) of the Bill, so that the Authority is required to tell people about this in a clear way.
  • If an enrolment is cancelled, the Bill should require that the only data that is kept is the identity data needed to ensure that one and only one NIDS number is ever given to each person who enrols. 
  • If an enrolment is cancelled, the Bill should limit the Authority’s ability to use, report on or carry out verification services on the remaining identity data.
  •  

Status: Pending

Watch this space! We will provide an update once the Joint Select Committee has made a decision on this issue.

 

Last updated 2021-05-27

Talk Up!

If this issue matters to you, talk about it. Share this page (and your questions or suggestions) with friends or government representatives.

Share

Comments, Questions?

Is there something we overlooked with this issue?
Have questions? Let us know!