I thank the Chairman and members for the invitation to attend this morning to discuss the public services card, PSC. I am looking forward to the questions of committee members on what is a very important topic. Before discussing the public services card, it might be useful to give a brief overview of the history of the card, the background to the recent report by the Data Protection Commission on the card and the developments since the report was published on 17 September last.
The public services card has its genesis in the 1990s and its purpose has always been clear, namely, to provide a means of verifying a person's identity when accessing public services. In December 1993, the then Government approved in principle the development of an integrated social services system, ISSS, which would provide a more integrated approach to the administration, delivery, management and control of statutory income support services. An interdepartmental committee was established to progress that initiative. That committee made a number of recommendations that were subsequently implemented, the main objectives of which were to improve customer services, provide value for money, and modernise the public service and the way it carries out its work on behalf of the citizens of our State. The committee recommended that legislation be introduced to allow the then revenue and social insurance number, RSI number, to be adopted as a single public service identifier. It also recommended that the use of the social services card be expanded across the public service to support customer identification, speed up access to social services and support new electronic payments. It also suggested that the card should include a photograph of the customer to facilitate identification when he or she availed of public services.
These recommendations were published in a 1996 interdepartmental report and formed the basis for measures taken by one of my predecessors in this Department, the former Minister for Social, Community and Family Affairs, Deputy Dermot Ahern, in February 1998. He introduced legislation in the Dáil to provide for the standardisation of the RSI number as the personal public service number, PPSN; the replacement of the social services card by the public services card, which would have the person's name, PPSN and the card number visible on the front; and the use of new technology on cards to develop new methods of paying social welfare benefits. The Government made it clear at the time that both the public services card and the PPSN were to be used widely across the public service to assist people in their dealings with public sector organisations.
Subsequent Governments progressed this policy and introduced a small number of further legislative amendments, providing, for example, that the Minister would not issue a PSC unless he or she was satisfied as to the identity of the person to whom the card was being issued, and that the person's photograph and signature would be included on the card.
Following the development and implementation of the standard framework for authentication of identity, the standard authentication framework environment, SAFE, public service cards were first introduced in 2011. The PSC is now widely used by a number of bodies as a means of identification. These bodies include my Department, the Revenue Commissioners, the Passport Office, Student Universal Support Ireland, SUSI, the National Driver Licence Service and the Irish Naturalisation and Immigration Service. In practice, this means that once a person has authenticated his or her identity via the SAFE process and has been issued a PSC, that person does not have to submit the same information to authenticate his or her identity each and every time he or she makes an application to any of the bodies that use that card. There are more than 3.2 million active users of the PSC, representing more than 80% of the adult population in the State. In this context, it should also be noted that, each week, payments valued at approximately €150 million are made via our post offices by more than 600,000 people, whose identity is verified on each occasion by using their PSCs. Every week, approximately 600,000 free travel journeys are made using the PSC. Every year, approximately 70,000 people over the age of 18 apply for a passport for the first time using their PSC to avoid having to resubmit identity data. Almost 420,000 PSC holders have verified their identity to a standard that enables them to access a wide variety of online services with the bodies mentioned via MyGovID. The development of the PSC has been welcomed by the public. Research commissioned by my Department indicates high levels of satisfaction with the overall process among holders.
On 27 October 2017, the Data Protection Commission initiated an investigation into the Department's compliance with its responsibilities as a data controller in respect of PSC-related matters, including the legal basis for the processing of personal data and compliance with EU law. The Department fully co-operated with the investigation, including through the provision of detailed responses to a draft report provided to the Department at the midpoint of the investigation process. The final report relating to the legal basis and transparency issues contained eight findings and was received by my Department on 15 August 2019, together with a letter from the commission requiring the Department to take certain measures. The Data Protection Commission stated that it did not have the legal powers to publish the report but it issued a press release setting out the key findings and the measures that it required my Department to take. It requested that my Department publish the report of its own volition.
The commission found that my Department has the legal powers to require users of its services to authenticate their identity to SAFE standards, to issue a PSC to these users and to require them to produce it as a means of authenticating their identity when accessing Department of Employment Affairs and Social Protection services. It found that the right to issue a PSC did not extend to circumstances where the user was acquiring it solely for the purpose of transactions with other bodies in circumstances where these bodies did not offer their users an alternative means of authenticating their identity. It found that the Department did not have the right to indefinitely and on a blanket basis retain documents and other information collected for the purposes of authenticating identity. Finally, it found that the information provided to users in respect of the PSC did not satisfy transparency requirements.
My Department, together with the Department of Public Expenditure and Reform, considered the report carefully and we sought the advice of the Attorney General's office. Following this consideration, it was concluded that the processing of personal data related to the PSC complies with legal requirements, the document retention is lawful and the information provided satisfies our transparency requirements. The commission has advised my Department that an enforcement notice is being prepared which will be issued to the Department in respect of its investigation. My Department will carefully consider this notice when it is received and we will take the appropriate actions in light of the advice from the Attorney General's office, which may include referral to our courts. I look forward to hearing the committee's views and answering any questions.