By Dharmendra Yadav
I refer to the report “Collection of iris scans to begin Jan 1 at ICA, SingPost outlets” published in the 28 December edition of the TODAY newspaper.
It was already worrying that a key government function of personal identification data collection will now be outsourced to independent service providers, and Members of Parliament have expressed reservations about this in Parliament.
The passing of the legislation by Parliament was nevertheless an acknowledgment of the reality that the Immigration and Checkpoints Authority (ICA), given its own limited resources, needs some help to comprehensively oversee how information in the national registration data base is collected, accessed and used.
Unfortunately, SingPost, the provider shortlisted by ICA, is a listed company that has been the subject of a corporate governance crisis and an investigation of possible breaches of the Companies Act.
The ICA should share more about the considerations it exercised in shortlisting SingPost, particularly if it considered other service providers with a better corporate governance track record.
In addition, as such providers will now be able to perform functions — albeit carefully selected — that strike at the core of a citizen’s identity, it will be prudent for the ICA to enhance the transparency and accountability of the national registration process, such as disclosing information on parties that have sought to access one’s personal data, and the purposes for which the personal data were sought from the ICA.
If the citizen believes that the information has been accessed improperly, the ICA can provide a redress mechanism.
There is already a precedent for this in the financial records of a Singapore tax resident — that is, such a person can seek, review and query a similar report on his or her personal financial data from Credit Bureau Singapore. If a small vendor such as Credit Bureau Singapore can do this effectively and efficiently, a Singaporean can surely expect more from the ICA.
Alternatively, Parliament can seek to subject the ICA to the personal data request and complaints procedures provided in the Personal Data Protection Act.