
Public Service Card - ID card by stealth?

Comments

  • Registered Users, Registered Users 2 Posts: 3,964 ✭✭✭Kopparberg Strawberry and Lime


    I'm sorry if this has been done before but I don't have the energy to go back through the pages

    I want to add another category to my driving licence which means I have to sit a theory test and I cannot do so without a PSC card.

    A load of crap since I already have 3-4 full licences.

    But I just went through the rigmarole of registering to find I have to find time to sit in one of their offices to get signed up for welfare (full time employee by the way) before I can actually apply for the card ?

    Also they want ID (oh hey a driving licence is good here ! What's wrong with that everywhere !!!)

    Proof of address ( fine)

    And my birth certificate ??? I mean Irish born, Irish parents and I'm sure I'm on the welfare system somewhere. And I don't think I can find my birth certificate anyway, might have gone missing years ago

    Did anybody who got a card go through all this need all that information ? Maybe I'm missing something ?

    Again this card is a sham and we've done fine without it so far !


  • Closed Accounts Posts: 13,992 ✭✭✭✭recedite


    Did anybody who got a card go through all this need all that information ? Maybe I'm missing something ?
    No, that's correct. Eventually everybody will have a card that was never mandatory. It's an Irish solution to an Irish problem ;)

    BTW I never liked how easy it was to get a copy of my birth cert. Pretty sure I could scam a copy of somebody else's easily enough, just find out their name, date of birth and where they were born, then walk into the office and pay the fee. Probably go on to get a PPS number, driving licence and passport from there, provided the real person hadn't already applied for these.
    I remember a few years ago there was a scam in the UK with Irish birth certs being used in scam marriages to foreigners looking for residency rights over there. Not sure whether the real people were deceased, or just living in Ireland oblivious to the whole thing.

    So one good thing about this new card is that it's at a whole higher level of secure identification right from the start.


  • Registered Users, Registered Users 2 Posts: 837 ✭✭✭BarryM


    Do I recall correctly that in the novel about assassinating De Gaulle, whatever his name is, the writer, used exactly that trick to get a birth cert? Only thing is he used a dead child.....

    I did see several times, when the birth cert office was near Westland Row, people changing the names on birth certs, simply by saying it was wrong on the original, ok then......


  • Registered Users Posts: 3,430 ✭✭✭RustyNut


    recedite wrote: »
    So one good thing about this new card is that it's at a whole higher level of secure identification right from the start.

    More secure than the passport or driving license that I already have?


  • Moderators, Science, Health & Environment Moderators Posts: 19,873 Mod ✭✭✭✭Sam Russell


    RustyNut wrote: »
    More secure than the passport or driving license that I already have?

    If you have a pink paper driving licence, then yes, the PSC card is more secure. The security on passports was beefed up following that guy in the London Embassy selling passports.

    Security is an ongoing battle, and ongoing effort to improve it. The PSC is an attempt to issue a card that requires face to face interview with a photo taken at the interview. Driving licences are currently issued following a face to face interview. Passports required a Garda to certify the photo was of the person applying and was known to the Garda (like, yea).

    If they introduced legislation, and made it an ID card and be done with, it would clarify this nonsense they have created.


  • Registered Users, Registered Users 2 Posts: 20,397 ✭✭✭✭FreudianSlippers


    So tell me then, why do we need national ID cards, given that most people already have passport or driving licence? What value are we getting from this €60m project?
    Carrying around a passport all the time is not advised by the DFA and is inconvenient. Of Irish people living here, it's estimated that only 70% hold a passport and significantly less holding a passport card. That also doesn't deal with non-Irish residents.

    I think there are a lot of significant issues with the roll-out of the PSC, but the passport/driving licence argument doesn't hold water.


  • Registered Users, Registered Users 2 Posts: 837 ✭✭✭BarryM


    OK, update this morning by whatever Minister for everything else that Newstalk could find as willing to get up early.
    - The PSC is for accessing all the important and sensitive information based services of the gov..... including the Revenue....
    Rubbish - I have been a ROS customer since forever, they have NEVER mentioned the PSC, even though they changed their access system recently. They have used a double access system since the beginning. They need you to register, then send you a PAPER confirmation and you need to log in and confirm.
    As I said already, I received a PSC as a renewal for my free travel, I didn't ask. It had my photo and sig which I have now worked out were from my passport application.
    I needed a new driving license recently, the person in the office ignored the fact that I had a PSC and I went through the whole photo/signature routine on their equipment and got a driving license in the post. 
    A poster above seems to have an even bigger runaround to add something to their driving license.
    So, what is all this shyte about an efficient single system for accessing gov services?


  • Registered Users, Registered Users 2 Posts: 20,397 ✭✭✭✭FreudianSlippers


    BarryM wrote: »
    OK, update this morning by whatever Minister for everything else that Newstalk could find as willing to get up early.
    - The PSC is for accessing all the important and sensitive information based services of the gov..... including the Revenue....
    Rubbish - I have been a ROS customer since forever, they have NEVER mentioned the PSC, even though they changed their access system recently. They have used a double access system since the beginning. They need you to register, then send you a PAPER confirmation and you need to log in and confirm.
    As I said already, I received a PSC as a renewal for my free travel, I didn't ask. It had my photo and sig which I have now worked out were from my passport application.
    I needed a new driving license recently, the person in the office ignored the fact that I had a PSC and I went through the whole photo/signature routine on their equipment and got a driving license in the post. 
    A poster above seems to have an even bigger runaround to add something to their driving license.
    So, what is all this shyte about an efficient single system for accessing gov services?
    Agreed - we should obviously have a national ID card (perhaps issued by the NLDS since they're already doing the pre-requisite work for driving permits/licence) which everyone who doesn't have a permit/licence and then anyone who is accessing services (free transit, dole, etc.) gets their PSC card from Intreo or whatever the hell they're calling it now.


  • Registered Users, Registered Users 2 Posts: 29,492 ✭✭✭✭AndrewJRenko


    Carrying around a passport all the time is not advised by the DFA and is inconvenient. Of Irish people living here, it's estimated that only 70% hold a passport and significantly less holding a passport card. That also doesn't deal with non-Irish residents.

    I think there are a lot of significant issues with the roll-out of the PSC, but the passport/driving licence argument doesn't hold water.
    That's why I said 'passport or driving licence'. What does the percentage rise to when you take passport or [conveniently pocket sized] driving licence into account?


  • Registered Users, Registered Users 2 Posts: 9,814 ✭✭✭antoinolachtnai


    The procedure that PSC operate is not really particularly secure from what I can see. It certainly does not appear to have the same level of security and control as the procedure in relation to issuance of a passport.

    You are talking about the situation at the London Embassy in 1987?

    There is no crime and security requirement for a national identity card. Various justice ministers have said so. It is hard to see how political approval for a national id card could happen with that being the case.


  • Registered Users, Registered Users 2 Posts: 20,397 ✭✭✭✭FreudianSlippers


    That's why I said 'passport or driving licence'. What does the percentage rise to when you take passport or [conveniently pocket sized] driving licence into account?
    Just under 60% of the population holds a driving licence (including learner permits) but I can't think of any way that it would be possible to figure out the overlap of passport holder / licence holder.

    I'd also disagree that a standard passport is "pocket sized" and again, I outline that the DFA is clear that you should not carry around your passport (either size) as identification.

    I believe there is a significant enough portion of the population who is without a form of identification and we should do something about that. Is the PSC the thing we should be doing about it? No. Are there data protection concerns? Yes.


  • Registered Users, Registered Users 2 Posts: 9,814 ✭✭✭antoinolachtnai


    Maybe a lot of people just don't need ID in their day to day lives?

    Denmark operates just fine without a national ID card.

    The requirement for the future of government services would seem to be online authentication. The PSC doesn't really provide any secure platform for this.

    Denmark does have such a platform.


  • Registered Users, Registered Users 2 Posts: 29,492 ✭✭✭✭AndrewJRenko


    Just under 60% of the population holds a driving licence (including learner permits) but I can't think of any way that it would be possible to figure out the overlap of passport holder / licence holder.

    I'd also disagree that a standard passport is "pocket sized" and again, I outline that the DFA is clear that you should not carry around your passport (either size) as identification.

    I believe there is a significant enough portion of the population who is without a form of identification and we should do something about that. Is the PSC the thing we should be doing about it? No. Are there data protection concerns? Yes.

    There is no suggestion that you're going to be carrying the PSC card around with you, unless you're going to be using for free travel. So the 'pocket sized' issue is a bit of a red herring. If you're going to need ID for a trip to the bank or whatever, it's not a huge deal to have to bring your passport with you. Certainly, there is a generation of younger folk well used to bringing their passport when they go out on the tear, and they seem to manage it without huge problems.

    I still don't see what problem this is going to solve.


  • Technology & Internet Moderators Posts: 28,820 Mod ✭✭✭✭oscarBravo


    Certainly, there is a generation of younger folk well used to bringing their passport when they go out on the tear...

    I still don't see what problem this is going to solve.

    I think you might have answered your own question. :pac:


  • Registered Users, Registered Users 2 Posts: 29,492 ✭✭✭✭AndrewJRenko


    oscarBravo wrote: »
    I think you might have answered your own question. :pac:

    So we're spending €60m on a drinking card?


  • Banned (with Prison Access) Posts: 61 ✭✭my poor tortured hands


    The procedure for applying for a PSC card breaks the Data Protection Act, in my view.

    During the face to face meeting, the customers are asked to select two questions from a long list of personal questions.
    I asked for their purpose in wanting that info. Social Protection said the info had a single purpose, and that purpose was that when I called up on the phone a few weeks later, to activate my card, that I'd be asked for the answers to those questions and if I gave the answers that that would prove something.

    Well, what exactly would it prove?
    It doesn't prove that the caller on the phone is the same person as the person who attended the face to face meeting.
    The caller on the phone could have obtained the answers to the questions using deception or theft.



    That's not my main problem though. My problem, which is a breach of the DP Act, is that the questions contain personal info, and it's not necessary that they do.

    Social Protection should merely ask for the customer to provide a pass phrase, and tell the customer to provide that same pass phrase when they call up to activate the card.
    There's no need to use personal info, and if there's no need to use personal info then it represents overuse of personal info and that's a breach of the Data Protection Act.


    They break the law without even realising it.
    By the way, they did breach the act in a second way as well. I'll explain how if anyone's interested. Basically they failed to tell the truth about the purpose of the questions on their question sheet, in addition to using personal info where it wasn't necessary.


  • Moderators, Science, Health & Environment Moderators Posts: 19,873 Mod ✭✭✭✭Sam Russell


    The procedure for applying for a PSC card breaks the Data Protection Act, in my view.

    During the face to face meeting, the customers are asked to select two questions from a long list of personal questions.
    I asked for their purpose in wanting that info. Social Protection said the info had a single purpose, and that purpose was that when I called up on the phone a few weeks later, to activate my card, that I'd be asked for the answers to those questions and if I gave the answers that that would prove something.

    Well, what exactly would it prove?
    It doesn't prove that the caller on the phone is the same person as the person who attended the face to face meeting.
    The caller on the phone could have obtained the answers to the questions using deception or theft.



    That's not my main problem though. My problem, which is a breach of the DP Act, is that the questions contain personal info, and it's not necessary that they do.

    Social Protection should merely ask for the customer to provide a pass phrase, and tell the customer to provide that same pass phrase when they call up to activate the card.
    There's no need to use personal info, and if there's no need to use personal info then it represents overuse of personal info and that's a breach of the Data Protection Act.


    They break the law without even realising it.
    By the way, they did breach the act in a second way as well. I'll explain how if anyone's interested. Basically they failed to tell the truth about the purpose of the questions on their question sheet, in addition to using personal info where it wasn't necessary.

    Essentially they are asking for a pass phrase because they have no way of telling if you have given a truthful answer or not - nor do they care.

    Q 'What is the name of your pet?' A 'I never had a pet.' or A 'Leo'. or A 'Tabby'

    None of the answers might be true. I always make up an answer to such questions unless they have to be true.

    Asking 'What is your mother's maiden name?' is just a daft question because it is an obvious question to which the answer is known to quite a few people, and can be easily found out. For some people, their mother's maiden name is the same as theirs.

    The whole thing is badly thought out and badly implemented.


  • Banned (with Prison Access) Posts: 61 ✭✭my poor tortured hands


    Essentially they are asking for a pass phrase because they have no way of telling if you have given a truthful answer or not - nor do they care.

    Q 'What is the name of your pet?' A 'I never had a pet.' or A 'Leo'. or A 'Tabby'

    None of the answers might be true. I always make up an answer to such questions unless they have to be true....

    I accept what you're saying but many people would provide truthful answers.

    In general, you're told it is very serious to provide false answers to SP or to Revenue. Why would this be different?

    Social Protection have a very poor record when it comes to complying with the DP Act.

    I am aware of many more breaches. For example, SP demanding financial information for a period in excess of five years for the purpose of a means test. A means test doesn't apply to period of time five or more years ago.

    I'm extremely disappointed that our country is so lawless.


  • Registered Users, Registered Users 2 Posts: 36,463 ✭✭✭✭BorneTobyWilde


    I always make up answers to security questions and after a while forget the answers. Same online, if filling in a form , I always use different names and dates of birth so on.
    Of course when I forget a password for a site it makes it difficult to reset it. I try to write down stuff now for my own use, if and when I do forget a password and need to reset it using info.


  • Technology & Internet Moderators Posts: 28,820 Mod ✭✭✭✭oscarBravo


    So we're spending €60m on a drinking card?

    It was a tongue-in-cheek response - the clue was in the :pac: - but bringing your passport out on a drinking session is a truly terrible idea.


  • Moderators, Science, Health & Environment Moderators Posts: 19,873 Mod ✭✭✭✭Sam Russell


    oscarBravo wrote: »
    It was a tongue-in-cheek response - the clue was in the :pac: - but bringing your passport out on a drinking session is a truly terrible idea.

    If we need a 'drinking' card, it would be better to have an official one - that is a national ID card with proper certification of identity with the best possible security for any information contained on the card, and for any use of it.

    The PSC fails on many levels. Is it mandatory for Gov interaction? Is it secure? Is it issued on a solid secure basis? In other words, does it provide sufficient protection against personation? Is all data encrypted to a sufficient level? Is it backed by legislation?


  • Registered Users, Registered Users 2 Posts: 29,492 ✭✭✭✭AndrewJRenko


    I accept what you're saying but many people would provide truthful answers.

    In general, you're told it is very serious to provide false answers to SP or to Revenue. Why would this be different?
    .
    It's hard to remember untruthful answers. Writing down the answers defeats the purpose, and opens up a whole load of other security issues about keeping the answers safe.

    oscarBravo wrote: »
    It was a tongue-in-cheek response - the clue was in the :pac: - but bringing your passport out on a drinking session is a truly terrible idea.

    It seems like a terrible idea to me, but it also seems to happen routinely for the 18-25 age group without their world falling apart.


  • Banned (with Prison Access) Posts: 61 ✭✭my poor tortured hands


    Essentially they are asking for a pass phrase because they have no way of telling if you have given a truthful answer or not - nor do they care.

    I should have picked up on this when I first replied.

    They have no choice but to care. Not caring is a breach of the DP Act. They are required by law to ensure their info is accurate. If you tell them you have provided false info they must take action.

    I accept what you say though. I understand your point as well. Social Protection have no purpose for receiving the personal info, and that's why it doesn't matter to them if the info is wrong.

    But saying that just exposes the fact that SP are wrong to be requesting the personal info in the first place, as they have no use for it.

    It's a straightforward breach of the DP Act.

    I'm concerned that the Data Protection Commissioner has said she has examined this process in detail and yet she has apparently failed to pick up on this point.


    Social Protection are insisting that people provide personal information when all that's required is an agreed pass phrase which shouldn't contain personal info.

    Straightforward breach of the law.


  • Registered Users, Registered Users 2 Posts: 20,397 ✭✭✭✭FreudianSlippers


    I should have picked up on this when I first replied.

    They have no choice but to care. Not caring is a breach of the DP Act. They are required by law to ensure their info is accurate. If you tell them you have provided false info they must take action.

    I accept what you say though. I understand your point as well. Social Protection have no purpose for receiving the personal info, and that's why it doesn't matter to them if the info is wrong.

    But saying that just exposes the fact that SP are wrong to be requesting the personal info in the first place, as they have no use for it.

    It's a straightforward breach of the DP Act.

    I'm concerned that the Data Protection Commissioner has said she has examined this process in detail and yet she has apparently failed to pick up on this point.


    Social Protection are insisting that people provide personal information when all that's required is an agreed pass phrase which shouldn't contain personal info.

    Straightforward breach of the law.
    What brings you to the conclusion that simply requesting "personal [data]" is in breach of the DPA? Surely their answer is that they need it for security purposes to protect other collected personal data.


  • Moderators, Science, Health & Environment Moderators Posts: 19,873 Mod ✭✭✭✭Sam Russell


    I should have picked up on this when I first replied.

    They have no choice but to care. Not caring is a breach of the DP Act. They are required by law to ensure their info is accurate. If you tell them you have provided false info they must take action.

    I accept what you say though. I understand your point as well. Social Protection have no purpose for receiving the personal info, and that's why it doesn't matter to them if the info is wrong.

    But saying that just exposes the fact that SP are wrong to be requesting the personal info in the first place, as they have no use for it.

    It's a straightforward breach of the DP Act.

    I'm concerned that the Data Protection Commissioner has said she has examined this process in detail and yet she has apparently failed to pick up on this point.


    Social Protection are insisting that people provide personal information when all that's required is an agreed pass phrase which shouldn't contain personal info.

    Straightforward breach of the law.

    I do not agree.

    Some of the questions are asking for personal info, but not all. Some are just plain dumb, like your mother's maiden name.

    If they asked you 'What was the colour of the wallpaper on your bedroom wall when you were a child?' - how is that personal information?

    Also, they do not ask you to be truthful, merely asking you to pick questions from a list. If they insisted you answer every question, and that you be truthful, then you would have a point, but they do not.

    As I said, they do not verify your answers, and I believe they do not care.


  • Banned (with Prison Access) Posts: 61 ✭✭my poor tortured hands


    Requesting personal data that you don't have a purpose for is a breach.

    SP are asking for personal info when an agreed password or pass phrase could have been used.


  • Banned (with Prison Access) Posts: 61 ✭✭my poor tortured hands


    I do not agree.
    ...
    If they asked you 'What was the colour of the wallpaper on your bedroom wall when you were a child?' - how is that personal information?
    I see your point but technically that is personal information and it's un-necessary that they ask for it.

    I agree there is no maliciousness involved but it is still a breach. The Dept. clearly don't understand their own purpose.
    Also, they do not ask you to be truthful, merely asking you to pick questions from a list.....
    There is a strong explicit requirement that you be truthful. Technically, you could be prosecuted. Again, I understand there is no maliciousness involved.


    In my memory all of the questions contained personal info. There was no question that allowed for non-personal info to be given. I don't have a perfect memory though and I can't find the list of questions online.


  • Registered Users, Registered Users 2 Posts: 20,397 ✭✭✭✭FreudianSlippers


    Requesting personal data that you don't have a purpose for is a breach.

    SP are asking for personal info when an agreed password or pass phrase could have been used.
    The purpose only needs to be specified, explicit and legitimate... the DPC (particularly where the data controller is carrying out a duty in the public interest) is not interested in the purpose itself but rather the adequacy, relevance and necessity in relation to that purpose.

    If the DSP claim that requesting the information is for security purposes to protect other protected data, then it is not a breach to collect data in relation to that purpose. There is nothing in the DPA along the lines you suggest that states that if there is an alternative way to achieve that purpose that the data controller must use that method, or that it makes other methods irrelevant or not necessary.


  • Banned (with Prison Access) Posts: 61 ✭✭my poor tortured hands


    The use of personal data should be minimised.

    If, for example, you want to know that it's me who is calling you later on the phone we could agree a password to use, like 'purple banana'. I say the password and you know it's me.

    Hmmm, you say, I have another way of doing this. You can give me all your personal info, like your name, your address, your DOB, and your banking info, and then when you call on the phone I can simply ask you to repeat all of the info.

    That second method would not be compliant. Data use should not be 'excessive' and excessive is the word used in the legislation.


    The use of any personal data at all would be excessive for the purpose described in this post, i.e. the purpose of an identifying password.
    'Purple banana' works just as well as names of pets or of colours of wallpapers.


  • Moderators, Science, Health & Environment Moderators Posts: 19,873 Mod ✭✭✭✭Sam Russell


    The use of personal data should be minimised.

    If, for example, you want to know that it's me who is calling you later on the phone we could agree a password to use, like 'purple banana'. I say the password and you know it's me.

    Hmmm, you say, I have another way of doing this. You can give me all your personal info, like your name, your address, your DOB, and your banking info, and then when you call on the phone I can simply ask you to repeat all of the info.

    That second method would not be compliant. Data use should not be 'excessive' and excessive is the word used in the legislation.


    The use of any personal data at all would be excessive for the purpose described in this post, i.e. the purpose of an identifying password.
    'Purple banana' works just as well as names of pets or of colours of wallpapers.

    Except it doesn't.

    e.g.
    'What was the password we agreed last time we spoke?'

    'When was that?'

    'Cannot tell you that - it would be a breach of security.'

    But
    'You gave us answers to two security questions - What was the answer to the one about your pet?'

    'Oh, let me think - yes, it was a goldfish'

    'That is the answer you gave - Now how can I help you?'

    I do not see any personal data being infringed there.


  • Registered Users, Registered Users 2 Posts: 20,397 ✭✭✭✭FreudianSlippers


    The use of personal data should be minimised.

    If, for example, you want to know that it's me who is calling you later on the phone we could agree a password to use, like 'purple banana'. I say the password and you know it's me.

    Hmmm, you say, I have another way of doing this. You can give me all your personal info, like your name, your address, your DOB, and your banking info, and then when you call on the phone I can simply ask you to repeat all of the info.

    That second method would not be compliant. Data use should not be 'excessive' and excessive is the word used in the legislation.


    The use of any personal data at all would be excessive for the purpose described in this post, i.e. the purpose of an identifying password.
    'Purple banana' works just as well as names of pets or of colours of wallpapers.
    That's certainly not my reading of the DPA 1998 (as amended) and I would again suggest that it is merely your opinion that just because there is a more efficient method of doing something means that the less efficient method is "excessive". I would also be of this opinion in line with the impending GDPR.


  • Banned (with Prison Access) Posts: 61 ✭✭my poor tortured hands


    The password can be written down.

    Anyway, what exactly IS the purpose of the password as used by Social Protection?

    That the person calling on the phone is the same person as the person who attended the face to face meeting?

    The password doesn't prove that at all and in fact it doesn't really seem to do much at all.
    If I attended the personal meeting I could choose to give the password to someone else, and they could impersonate me.
    Or,
    I could attend the personal meeting and then the password could be obtained from me, through deception, theft or other methods. I'm partial to attractive honey pots for example.



    If someone intercepted the mail which contained the newly issued Public Service card then they wouldn't know the password. So they wouldn't be able to activate the card.
    So the system works, for random interceptors!

    An interceptor wouldn't know a password if it was random. But, if it was personal info, they might know the answer.
    In other words, a random password is more effective than using obscure personal info.

    What exactly are Social Protection doing with their question and answer sheets?
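
The activation step argued for in the post above, as an added example that is not part of the thread and not the Department's actual system: a random pass phrase is issued at the face-to-face meeting, only a salted hash is kept, and the phone call is checked against it with a limit on wrong attempts. The word list, function names, attempt limit and PBKDF2 parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Tuple

# Constructed sample list (assumption). A real list would hold thousands of
# words so that each word contributes far more entropy.
WORDS = ["purple", "banana", "harbour", "candle", "meadow", "copper",
         "violin", "thistle", "lantern", "pebble", "orchard", "saddle",
         "ribbon", "anchor", "kettle", "walnut"]

MAX_ATTEMPTS = 3          # assumed limit on wrong answers per card
PBKDF2_ROUNDS = 200_000   # assumed work factor


@dataclass
class ActivationRecord:
    """What the issuer stores. It holds no personal data and no plaintext."""
    salt: bytes
    digest: bytes
    failed_attempts: int = 0
    activated: bool = False


def _normalise(phrase: str) -> str:
    # Spoken phrases get typed in by an agent: ignore case and extra spaces.
    return " ".join(phrase.lower().split())


def _digest(phrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", _normalise(phrase).encode(),
                               salt, PBKDF2_ROUNDS)


def enroll(n_words: int = 4) -> Tuple[str, ActivationRecord]:
    """Face-to-face step: generate the phrase and hand it to the applicant.

    The phrase is returned so it can be given to the applicant; only the
    salted hash goes into the record.
    """
    phrase = " ".join(secrets.choice(WORDS) for _ in range(n_words))
    salt = secrets.token_bytes(16)
    return phrase, ActivationRecord(salt=salt, digest=_digest(phrase, salt))


def activate(record: ActivationRecord, spoken: str) -> str:
    """Phone step: returns 'activated', 'rejected' or 'locked'."""
    if record.failed_attempts >= MAX_ATTEMPTS:
        return "locked"   # refuse before doing any comparison
    if hmac.compare_digest(_digest(spoken, record.salt), record.digest):
        record.activated = True
        record.failed_attempts = 0
        return "activated"
    record.failed_attempts += 1
    return "locked" if record.failed_attempts >= MAX_ATTEMPTS else "rejected"


def online_guess_probability(n_words: int = 4,
                             attempts: int = MAX_ATTEMPTS) -> float:
    """Chance that someone holding an intercepted card guesses the phrase
    within the allowed attempts. Facts about the cardholder do not help,
    because the phrase was drawn at random."""
    return min(1.0, attempts / len(WORDS) ** n_words)


if __name__ == "__main__":
    phrase, record = enroll()
    print("Give to applicant:", phrase)
    print("Guess with a pet name:", activate(record, "goldfish"))
    print("Correct phrase:", activate(record, phrase))
    print("Guess probability:", online_guess_probability())
```

As the post notes, this only stops someone who intercepts the card in the post; a phrase that the cardholder hands over or is tricked out of still activates the card.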


  • Banned (with Prison Access) Posts: 61 ✭✭my poor tortured hands


    That's certainly not my reading of the DPA 1998 (as amended) and I would again suggest that it is merely your opinion that just because there is a more efficient method of doing something means that the less efficient method is "excessive". I would also be of this opinion in line with the impending GDPR.


    2.—(1) A data controller shall, as respects personal data kept by him, comply with the following provisions:
    ...
    (b) the data shall be accurate and, where necessary, kept up to date,

    (c) the data—

    ....

    (iii) shall be adequate, relevant and not excessive in relation to that purpose or those purposes, and


  • Moderators, Science, Health & Environment Moderators Posts: 19,873 Mod ✭✭✭✭Sam Russell


    The password can be written down.

    Anyway, what exactly IS the purpose of the password as used by Social Protection?

    That the person calling on the phone is the same person as the person who attended the face to face meeting?

    The password doesn't prove that at all and in fact it doesn't really seem to do much at all.
    If I attended the personal meeting I could choose to give the password to someone else, and they could impersonate me.
    Or,
    I could attend the personal meeting and then the password could be obtained from me, through deception, theft or other methods. I'm partial to attractive honey pots for example.



    If someone intercepted the mail which contained the newly issued Public Service card then they wouldn't know the password. So they wouldn't be able to activate the card.
    So the system works, for random interceptors!

    An interceptor wouldn't know a password if it was random. But, if it was personal info, they might know the answer.
    In other words, a random password is more effective than using obscure personal info.

    What exactly are Social Protection doing with their question and answer sheets?

    I see your point.

    There is facility on the card for a PIN but I am unaware if it is implemented.

    My bank card has a password and a PIN. On the phone, I am asked for 'the 3rd, 5th, and 6th letter of the password and maybe the 3rd digit of the PIN - but do not tell me all of it.' But then Banks are better at security than the DSP is.
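
The partial-password challenge described in the post above, sketched as an added example; it is not part of the thread and not any bank's or the DSP's actual system. The function names, the per-position HMAC storage scheme and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def _tag(key, pos, ch):
    # Keyed tag binding one character to its 1-based position.
    return hmac.new(key, f"{pos}:{ch}".encode(), hashlib.sha256).digest()

def enroll(password, key):
    """Enrolment: keep one tag per position rather than the password itself.
    Caveat: each position has few possible values, so the tags are only as
    safe as the server-side key; this is weaker than a salted whole-password hash."""
    return [_tag(key, i, ch) for i, ch in enumerate(password, start=1)]

def make_challenge(length, count=3):
    """Pick distinct positions unpredictably, so a caller cannot prepare in advance."""
    return sorted(secrets.SystemRandom().sample(range(1, length + 1), count))

def verify(record, key, challenge, answers):
    """Check the quoted characters; the agent never sees the full password."""
    if len(answers) != len(challenge):
        return False
    ok = True
    for pos, ch in zip(challenge, answers):
        # Constant-time compare, and no early exit on the first mismatch.
        ok &= hmac.compare_digest(record[pos - 1], _tag(key, pos, ch))
    return ok

if __name__ == "__main__":
    key = secrets.token_bytes(32)           # constructed server-side key
    record = enroll("correcthorse", key)    # constructed sample password
    asked = make_challenge(len(record))
    print("asked positions:", asked)
    print(verify(record, key, asked, "".join("correcthorse"[p - 1] for p in asked)))
```

A scheme like this limits what one overheard call or one call-centre agent learns to the positions asked for on that call.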


  • Registered Users, Registered Users 2 Posts: 20,397 ✭✭✭✭FreudianSlippers


    2.—(1) A data controller shall, as respects personal data kept by him, comply with the following provisions:
    ...
    (b) the data shall be accurate and, where necessary, kept up to date,

    (c) the data—

    ....

    (iii) shall be adequate, relevant and not excessive in relation to that purpose or those purposes, and
    Again, you don't seem to understand what that's saying.

    1) There needs to be a specified purpose for collecting the personal data; in this case (regardless of whether you personally agree with it or not) the purpose is account security;
    2) The data collected for that purpose must be accurate, adequate, relevant and not excessive in relation to that purpose or those purposes.


    I understand what you're angling at - there is a different method of securing the account information - but it doesn't logically follow that this method is in breach of the DPA.


  • Registered Users Posts: 3,872 ✭✭✭View


    I know a person living outside Ireland who decided to check out their social welfare contributions towards their pension.

    They were happy to see this can now be done online but totally dumbfounded to discover the online process to do this has a step in it that insists that they MUST register for & get a Public Service Card at their local social welfare in the area that they live (in Ireland). They would literally need to lie about their address to get a Public Service Card!

    As they are two decades away from qualifying to claim & receive the state pension, it is ludicrous to demand that they get a Public Services Card.


  • Closed Accounts Posts: 2,948 ✭✭✭gizmo555


    View wrote: »
    I know a person living outside Ireland who decided to check out their social welfare contributions towards their pension.

    Suggest they make an access request for their contribution records under Section 4 of the Data Protection Acts. The Dept cannot deny this request and your acquaintance can take a complaint to the Data Protection Commissioner if they are refused.


  • Banned (with Prison Access) Posts: 61 ✭✭my poor tortured hands


    I have made Access Requests to the Dept. of SP under Data Protection and I've never received 'contribution records'. I may have received a document showing total contributions at different classes, I'm not sure.

    The Dept. initially refused to provide certain records and I had to seek assistance from the DP Commissioner.



    In relation to the Public Services card why does the Dept. photocopy the back side of a driver's licence?
    That contains personal info which they don't have a use for.
    I asked the question and didn't receive a reply.


  • Registered Users, Registered Users 2 Posts: 29,492 ✭✭✭✭AndrewJRenko


    gizmo555 wrote: »
    Suggest they make an access request for their contribution records under Section 4 of the Data Protection Acts. The Dept cannot deny this request and your acquaintance can take a complaint to the Data Protection Commissioner if they are refused.

    They can't deny the request, but they can take reasonable steps to confirm ID for the data access request. I've a vague memory of having to send a passport copy to Virgin/UPC for a data access request in the past.


  • Registered Users Posts: 3,872 ✭✭✭View


    gizmo555 wrote: »
    View wrote: »
    I know a person living outside Ireland who decided to check out their social welfare contributions towards their pension.

    Suggest they make an access request for their contribution records under Section 4 of the Data Protection Acts. The Dept cannot deny this request and your acquaintance can take a complaint to the Data Protection Commissioner if they are refused.

    That’s useful advice and I will pass it on.

    That said, a person shouldn’t have to resort to a special procedure to acquire such information. It should be accessible via the standard procedure by default.

    If they must prove their id to get such info - and that in itself would be a reversal of normal long-standing procedures - they can easily provide such proof via a driving licence or passport. They shouldn’t be obliged to fly back to Ireland and make false claims about being living here to obtain a Public Services Card and hence their info.


  • Closed Accounts Posts: 2,948 ✭✭✭gizmo555


    They can't deny the request, but they can take reasonable steps to confirm ID for the data access request.

    They can of course and they should, to make sure the request is genuine.

    What they can't do is claim that the only reasonable confirmation of ID is a public services card.


  • Posts: 0 [Deleted User]


    View wrote: »
    I know a person living outside Ireland who decided to check out their social welfare contributions towards their pension.

    They were happy to see this can now be done online but totally dumbfounded to discover the online process to do this has a step in it that insists that they MUST register for & get a Public Service Card at their local social welfare in the area that they live (in Ireland). They would literally need to lie about their address to get a Public Service Card!

    As they are two decades away from qualifying to claim & receive the state pension, it is ludicrous to demand that they get a Public Services Card.

    This is only right and sensible. They MUST be sure that the information they are giving out is going to the person requesting it. The best way to verify that is by using the Public Service Card. Otherwise, they can set up an account and request the information be mailed to them.

    "Please visit MyWelfare to request a Contribution Statement. If you do not already have one, you will need to create a MyGovID account online. For this you will be required to provide an email address and some personal information. MyGovID is a secure online account that will enable you to access a broad range of Government services online including your Contribution Statement on MyWelfare.

    Once you create a Basic MyGovID account, you can request your Contribution Statement to be posted to the address on file. A printed copy will be sent to your postal address, provided that the PPSN, Date of Birth and address you provide satisfy an automated matching process as against the relevant details held by the Department." https://www.welfare.ie/en/Pages/secure/RequestSIContributionRecord.aspx


  • Closed Accounts Posts: 2,948 ✭✭✭gizmo555


    The best way to verify that is by using the Public Service Card.

    Says who? And for what reasons?


  • Posts: 0 [Deleted User]


    gizmo555 wrote: »
    They can of course and they should, to make sure the request is genuine.

    What they can't do is claim that the only reasonable confirmation of ID is a public services card.

    If you read the link I’ve provided, you will find that it’s not necessary to have a PSC in order to be provided with details of your contributions. All you need do is give your PPSN and the details will be mailed out to the address associated with that number. It’s only when you wish to do the lot online that they seek extra proof, ie your unique PSC. This will rule out any Tom, Dick or Harry accessing someone else’s data.


  • Registered Users, Registered Users 2 Posts: 6,700 ✭✭✭Mountainsandh


    I registered for it today, it was really easy and painless, turned up at the offices early morning with relevant documentation but no appointment, just walked in.
    I should have it in the post shortly.

    Provided use of my data is strictly restricted, protected and monitored, I've no problem with the card.
    Its introduction was yet another communication disaster though.

    I think there should be an option to subscribe for a voluntary health card too, which use would be on a strictly voluntary basis, where user and anyone they allow would have access to all medical history/records. It would really improve communication and thus medical services.


  • Registered Users, Registered Users 2 Posts: 1,433 ✭✭✭airuser


    Possibly, why not? Every country in Europe except Britain and N.Ireland has one and one is obliged to carry it. Just like a Driving Permit in this if one is driving.


  • Closed Accounts Posts: 2,948 ✭✭✭gizmo555


    If you read the link I’ve provided, you will find that it’s not necessary to have a PSC in order to be provided with details of your contributions. All you need do is give your PPSN and the details will be mailed out to the address associated with that number. It’s only when you wish to do the lot online that they seek extra proof, ie your unique PSC. This will rule out any Tom, Dick or Harry accessing someone else’s data.

    I did read the link you provided, and it doesn't say that "All you need do is give your PPSN."

    What it claims is that "If you do not already have one, you will need to create a MyGovId account online", in order to get a contribution statement. You don't.

    I note also you ignore my questions about your claim that a PSC is the best way to verify ID.


  • Posts: 0 [Deleted User]


    gizmo555 wrote: »
    I did read the link you provided, and it doesn't say that "All you need do is give your PPSN."

    What it claims is that "If you do not already have one, you will need to create a MyGovId account online", in order to get a contribution statement. You don't.

    I note also you ignore my questions about your claim that a PSC is the best way to verify ID.

    "Once you create a Basic MyGovID account, you can request your Contribution Statement to be posted to the address on file. A printed copy will be sent to your postal address, provided that the PPSN, Date of Birth and address you provide satisfy an automated matching process as against the relevant details held by the Department" No mention of PSC.

    Having gotten my PSC over a year ago (Long before the faux outrage arose) I know that MY proof of identity, PPSN, photo and signature are unique to me. The card can double up as a free travel card when the time comes.


  • Registered Users Posts: 3,430 ✭✭✭RustyNut


    Having gotten my PSC over a year ago (Long before the faux outrage arose) I know that MY proof of identity, PPSN, photo and signature are unique to me. The card can double up as a free travel card when the time comes.

    Is it any better or more secure than the new credit card driving license that I have with the exception of the free travel pass that I'm a few years away from?


  • Closed Accounts Posts: 2,948 ✭✭✭gizmo555


    Having gotten my PSC over a year ago (Long before the faux outrage arose) I know that MY proof of identity, PPSN, photo and signature are unique to me. The card can double up as a free travel card when the time comes.

    Again, you're ignoring the question.

